Reputation: 19684
I'm real new to Mac and Apache. I my development machine my website cannot access any files under the web roots /images or /css folders.
The apache log gives the following error:
(13)Permission denied: file permissions deny server access:
The site is hosted up under the 'Sites' folder. I checked in 'Get Info' on this folder and it seems that 'Everyone' has read access. What gives?
Thanks!
Upvotes: 7
Views: 21965
Reputation: 590
This method is safe & fast to test, and easy to switch back if it's not working (it won't mess up things even more, which is ofter a problem when fixing these kind of issues:
httpd.conf
(you can do it with httpd -V
in terminal)User _www
Group _www
User {your username}
Group staff
Maybe you will have to add something else to your User
and Group
:
httpd.conf
file, you can also find a path to your webserver, just search for DocumentRoot
. Copy this path, and navigate to it in terminal with cd
command, for example:cd /Library/WebServer/Documents
ls -l
. This will give you info about webroot folder ownership. Adjust your User
and Group
in the httpd.conf
regarding this
ls -l
, and update httpd.conf
regarding that.
If this is not working, don't forget to switch back to:
User _www
Group _www
Upvotes: 2
Reputation: 489
I've found 2 things did the trick for me (I was specifically trying to get apache to have access to the Downloads folder):
In System Preferences -> Security & Privacy -> Privacy scroll to Full Disk Access on the left, make sure you unlock at bottom, and then click the + to add an app. Navigate to /usr/sbin and find the executable httpd
and add that, making sure it has full disk access enabled. Re-lock the preferences
Right click the particular folder in Finder and choose Get Info, then under Sharing & Permissions, allow access for the "everyone" user (or if you are trying to be more security conscious, perhaps only allow for "_www" user - but I did not test this).
That solved it for me
Upvotes: 4
Reputation: 511
The problem is that Apache runs with a user different to the user owner of files, and the Apache's user doesn't have read/write/execute permissions. In my case the user was _www
and is member of the _www
group.
I solved this issue changing the group of the files to the _www
:
Look for the apache's user and group. I used this php script:
<?php
echo exec('whoami') . '<br>';
echo exec('groups') . '<br>';
?>
Login with the user owner of the files.
Add the user owner of files to the _www
group.
$ sudo dseditgroup -o edit -a userOwnerOfFiles -t user _www
Change the group of files needed to _www
$ chgrp -R _www path/containing/files
Change file permissions for the group
$ chmod -R g+rwx path/containing/files
Upvotes: 26
Reputation: 455
Another alternative way of solving this is using extended attributes in MacOSX
chmod +a "_www allow list,read,search,readattr,readsecurity,file_inherit,directory_inherit" /path/to/document_root
Upvotes: 3
Reputation: 701
This was a tough one for me today. It turned out that I needed to give permissions to the web server to the entire directory tree all the way up to the doc root.
It came up for me today because I'm using a virtual host and storing the files pretty far up a tree in my user directory.
I did not want to recursively change all the thousands of files in my Documents directory so I just chmod ed each folder in the path. In my home directory:
$ chmod 755 Documents
$ chmod 755 Documents/projects
$ chmod 755 Documents/projects/dev
$ chmod 755 Documents/projects/dev/someglamorousclientname/
$ chmod 755 Documents/projects/dev/someglamorousclientname/docroot
Upvotes: 2