How do I give Apache Access to folders on MAC OSx?

Question

I'm real new to Mac and Apache. I my development machine my website cannot access any files under the web roots /images or /css folders.

The apache log gives the following error:

(13)Permission denied: file permissions deny server access:

The site is hosted up under the 'Sites' folder. I checked in 'Get Info' on this folder and it seems that 'Everyone' has read access. What gives?

Thanks!

Answer 1

This method is safe & fast to test, and easy to switch back if it's not working (it won't mess up things even more, which is ofter a problem when fixing these kind of issues:

1. Locate httpd.conf (you can do it with httpd -V in terminal)
2. Open this file in Brackets or any text editor
3. In this file, find:
   User _www
Group _www
4. Change it to
   User {your username}
Group staff

Maybe you will have to add something else to your User and Group:

1. In this httpd.conf file, you can also find a path to your webserver, just search for DocumentRoot. Copy this path, and navigate to it in terminal with cd command, for example:
   cd /Library/WebServer/Documents
   
2. When you are in, do a ls -l. This will give you info about webroot folder ownership. Adjust your User and Group in the httpd.conf regarding this
   
3. You can also enter the webroot folder and check the sites ownerships as well with ls -l, and update httpd.conf regarding that.
   
   

If this is not working, don't forget to switch back to:
User _www
Group _www

Answer 2

I've found 2 things did the trick for me (I was specifically trying to get apache to have access to the Downloads folder):

1. In System Preferences -> Security & Privacy -> Privacy scroll to Full Disk Access on the left, make sure you unlock at bottom, and then click the + to add an app. Navigate to /usr/sbin and find the executable httpd and add that, making sure it has full disk access enabled. Re-lock the preferences

2. Right click the particular folder in Finder and choose Get Info, then under Sharing & Permissions, allow access for the "everyone" user (or if you are trying to be more security conscious, perhaps only allow for "_www" user - but I did not test this).

That solved it for me

Answer 3

The problem is that Apache runs with a user different to the user owner of files, and the Apache's user doesn't have read/write/execute permissions. In my case the user was _www and is member of the _www group.

I solved this issue changing the group of the files to the _www:

1. Look for the apache's user and group. I used this php script:

   <?php
   echo exec('whoami') . '<br>';
   echo exec('groups') . '<br>';
   ?>
   

2. Login with the user owner of the files.

3. Add the user owner of files to the _www group.

   $ sudo dseditgroup -o edit -a userOwnerOfFiles -t user _www
   

4. Change the group of files needed to _www

   $ chgrp -R _www path/containing/files
   

5. Change file permissions for the group

   $ chmod -R g+rwx path/containing/files
   

Answer 4

Another alternative way of solving this is using extended attributes in MacOSX

chmod +a "_www allow list,read,search,readattr,readsecurity,file_inherit,directory_inherit" /path/to/document_root

Answer 5

This was a tough one for me today. It turned out that I needed to give permissions to the web server to the entire directory tree all the way up to the doc root.

It came up for me today because I'm using a virtual host and storing the files pretty far up a tree in my user directory.

I did not want to recursively change all the thousands of files in my Documents directory so I just chmod ed each folder in the path. In my home directory:

$ chmod 755 Documents
$ chmod 755 Documents/projects
$ chmod 755 Documents/projects/dev
$ chmod 755 Documents/projects/dev/someglamorousclientname/
$ chmod 755 Documents/projects/dev/someglamorousclientname/docroot