As explained elsewhere (on 4xtra and HMW‘s websites) we have discovered a need (if that’s the right phrase) to run each of our sites hosting a PHP based system as separate users, not as the default Apache user.
This has involved a lot of searching around on the Internet. Fortunately a lot of the instructions I found are for Ubuntu, which is my target distribution, but I couldn’t find one which worked “out of the box” for Ubuntu 16 as so much has changed from release to release: some steps are now performed automatically, files have been relocated, PHP has been upgraded. All make for subtle differences.
May of the examples are for Nginx, which I’ve never used and frankly I’m happy with Apache and the extra controls that a .htaccess file gives me: a feature I believe Nginx doesn’t have.
These instructions are for Apache 2.4.18 and Unbuntu 16.04 and I’m assuming that like me you have an existing Apache installation with www-data owning, and PHP 7.0.13 running, your existing websites. It should all work for other close versions too.
Some writers say that the resulting configuration runs faster than the usual arrangements, some say it’s slower. For the size of the sites we are dealing with that’s not the pertinent question – we want to do this for increased security, not speed.
I hope any readers find it useful so here it is