This is posted as a reminder to myself and a heads-up to any readers.
I wanted to password-protect a web directory, so I used sudo to create an .htpasswd file outside the webroot (in the config directory) and an .htaccess in the relevant webroot directory
And of course, that didn’t work. Apache said “500 error”. As eny fule noes, Apache needs to read the .htpassd file that Root was keeping to itself.
So I did a quick sudo chown www-data:www-data .htpasswd and everything was fine. For a little while, then it wasn’t.
When I looked, some Sympl thing had changed .htpasswd ownership to sympl:sympl. I realised that switching it back to www-data:www-data would be a Sisyphean task, because cron stays up all night.
So I tried a compromise - chown sympl:www-data - that seems to be the sweet spot. It works like that and doesn’t seem to get changed back!