Apache permissions
When accessing websites on your "localhost", there are several permissions which are required. The localhost content may be in your Sites directory, in which case, these commands may help prevent any "Forbidden" messages.
Ensure the Users directory allows read directory access:
cd /
sudo chmod -v 755 Users
Ensure the username directory allows read directory access:
cd Users
sudo chmod -v 755 username
Ensure your Sites directory allows read directory access:
cd ~
chmod -v 755 Sites
Every subdirectory of Sites needs read access:
cd ~/Sites
find ~/Sites -type d -print -exec chmod 755 {} \;
Every file in Sites and subdirectories needs read access:
cd ~/Sites
fing ~/Sites -type f -print -exec chmod 644 {} \;
Apache uses the _www group so, to give Apache full access to everything in the Sites directory, set the extended attributes with this:
chmod -R +a "group:_www allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit" ~/Sites
Assuming few people ever use OS X in a production environment, it is nice to let apache do whatever it wants with the document root. You can do this with the "inheritance" feature of ACL's:
sudo chmod -R +a "group:_www allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit" /Library/WebServer/Documents/
The above command will give the default apache group full read/write access to everything in the default document root and apply "inheritance" flags so any new files/directories created will also be writable by apache, even if apache did not create them.
I also like to run this command:
sudo chmod -R +a "group:staff allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit" /Library/WebServer/Documents/
Which will give "staff" users (basically that means all "real" users) full access to everything, even files created by apache.