I've tinkered with running a website using Apache on Linux for a few years now, but in my earlier days, I was a little naive and didn't pay too much attention to permissions.
Now that I'd like to host a very small site on a home server, I'm trying to take security seriously. I know I could easily use GoDaddy hosting, but this will pretty much be a static page blog that I'm sure no one will ever visit anyway. Also, it gives me the opportunity to learn.
In the past, I've always configured my virtual host to use a folder in my home directory. I've read that this is better practice, and it's always been easier than changing permissions for /var/www, but one problem with this is that the www-data user does not have permission to this folder.
I've been experimenting the last couple of days with giving ownership of /var/www to www-data and adding myself to the www-data group, but I've had a few hiccups (I'm sure I'm not doing everything correctly).
I've decided an easier route would be to keep the root web directory in my home folder, but change the user that runs Apache to myself. I've done some searching to see if this is recommended against, but really haven't been able to find too much about the issue in general.
Is this something that anyone else does on a public server? There won't be anything hosted on it that would concern me security wise, but it's always nice to know things are as secure as I can make them.