diff --git a/apache/vhosts/standard.sls b/apache/vhosts/standard.sls
index 0480a26fb0b905a8b913da8f3b854b850e1531cc..678f3deeca8a6e28af6ecd96a7e4957a282d994b 100644
--- a/apache/vhosts/standard.sls
+++ b/apache/vhosts/standard.sls
@@ -26,12 +26,8 @@ include:
file.directory:
- name: {{ documentroot }}
- makedirs: True
-{% if site.get('DocumentRootUser') %}
- - user: {{ site.DocumentRootUser }}
-{% endif %}
-{% if site.get('DocumentRootGroup') %}
- - group: {{ site.DocumentRootGroup }}
-{% endif %}
+ - user: {{ site.get('DocumentRootUser', apache.get('document_root_user'))|json }}
+ - group: {{ site.get('DocumentRootGroup', apache.get('document_root_group'))|json }}
- allow_symlink: True
{% endif %}
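Review bot: The new `- user:` / `- group:` lines fall back to the formula-wide value only when the site key is absent, because `site.get('DocumentRootUser', ...)` returns the stored value whenever the key exists. A site that sets `DocumentRootUser: null` therefore switches ownership management off even when `document_root_user` is set globally. An empty string, which the removed `{% if %}` guards skipped, is now rendered as `- user: ""`. If that is intended, say so next to these lines, for example `{# key absent -> apache.document_root_user; explicit null -> owner not managed #}`; if falsy site values should inherit instead, `site.get('DocumentRootUser') or apache.get('document_root_user')` expresses that. The state's opening `{% if %}` and ID are above the hunk, so I am assuming `apache` is the imported map in scope there.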
diff --git a/pillar.example b/pillar.example
index 9d8330bfa2e00c63a6035425367a3b54cfad1af7..5eb5cf25e72fc6555d026f4df3ed3f09ee6f7e59 100644
--- a/pillar.example
+++ b/pillar.example
@@ -26,6 +26,11 @@ apache:
# Default value for AddDefaultCharset in RedHat configuration
default_charset: 'UTF-8'
+ # Should we enforce DocumentRoot user/group?
+ # Default: do not enforce
+ document_root_user: www-data # Force user if specified, leave it default if not
+ document_root_group: null # Do not enforce group
+
global:
# global apache directives
AllowEncodedSlashes: 'On'
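Review bot: The added comment says `Default: do not enforce`, but the example value directly beneath it is `document_root_user: www-data`, which, if copied, makes every vhost's DocumentRoot owned by that account. On Debian-family systems that is normally the account Apache runs as, so the server process would be able to write to the content it serves. For a formula-wide default, the example would be safer as `document_root_user: null # Do not enforce user (default)`, leaving write access by the server account as a per-site decision. The site-level comment in the later hunk, `do not enforce user, defaults to lookup:document_root_user`, should also separate the two cases: an explicit `null` disables enforcement, and only an omitted key inherits the lookup value.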
@@ -71,8 +76,8 @@ apache:
CustomLog: /path/to/logs/example.com-access.log # E.g.: /var/log/apache2/example.com-access.log
DocumentRoot: /path/to/www/dir/example.com # E.g., /var/www/example.com
- DocumentRootUser: www-data # Force user if specified, leave it default if not
- DocumentRootGroup: www-data # Force group if specified, leave it default if not
+ DocumentRootUser: null # do not enforce user, defaults to lookup:document_root_user
+ DocumentRootGroup: www-data # Force group, defaults to lookup:document_root_group
SSLCertificateFile: /etc/ssl/mycert.pem # if ssl is desired
SSLCertificateKeyFile: /etc/ssl/mycert.pem.key # if key for cert is needed or in an extra file