Apache permissions

apache

When accessing websites on your "localhost", there are several permissions which are required. The localhost content may be in your Sites directory, in which case, these commands may help prevent any "Forbidden" messages.

Ensure the Users directory allows read directory access:

cd /
sudo chmod -v 755 Users

Ensure the username directory allows read directory access:

cd Users
sudo chmod -v 755 username

Ensure your Sites directory allows read directory access:

cd ~
chmod -v 755 Sites

Every subdirectory of Sites needs read access:

cd ~/Sites
find ~/Sites -type d -print -exec chmod 755 {} \;

Every file in Sites and subdirectories needs read access:

cd ~/Sites
fing ~/Sites -type f -print -exec chmod 644 {} \;

Apache uses the _www group so, to give Apache full access to everything in the Sites directory, set the extended attributes with this:

chmod -R +a "group:_www allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit" ~/Sites

Assuming few people ever use OS X in a production environment, it is nice to let apache do whatever it wants with the document root. You can do this with the "inheritance" feature of ACL's:

sudo chmod -R +a "group:_www allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit" /Library/WebServer/Documents/

The above command will give the default apache group full read/write access to everything in the default document root and apply "inheritance" flags so any new files/directories created will also be writable by apache, even if apache did not create them.

I also like to run this command:

sudo chmod -R +a "group:staff allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit" /Library/WebServer/Documents/

Which will give "staff" users (basically that means all "real" users) full access to everything, even files created by apache.

Related

Why is Java SE 6 Legacy required to open Intellij?
iPhone as 'headphones' for computer
What are the best apps for rescuing deleted data on flash drives?
Maximum number of pages on iPad, and maximum apps in a folder?
How can I make the power button on my MacBook run a custom script?
Any way to automatically lock *Me* out from *My Own* iPhone for a specific amount of time?
Can I give Automator apps a window?
Macbook Air intermittently can't find startup disk
Office 2016 does not work with MathType: Migration of Word documents with MathType equations
Apache 2 `UserDir` problem in OS X Mountain Lion (10.8) Server after upgrade from Lion (10.7)
What variable in the operating system determines the fans in OS X?
Unable to boot Windows 10 from Bootcamp external HDD