Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

10.5: Apache 2 site troubles with permissions and folders System 10.5
Upon upgrading to Leopard via upgrade install, I couldn't get to my Test webserver on my localhost. I got a 403 error, that I wasn't allowed to access my directory. Going to Finder and doing a Get Info on the Sites folder told me that I had read and write privileges, but a user (Unknown) had read privileges. I couldn't remove this user. Clicking the + symbol would crash Finder, every time.

The fix to this is to go into Terminal, and from your home folder, type:
$ cd ..
$ chown -R :staff name_of_home_folder
Where name_of_home_folder is the name of your user's home folder. This will stop Get Info from crashing, but it won't fix the 403 error. Now that 403 error is occurring because Tiger ships with Apache2 and activates it by default, ignoring Apache1.x configuration files -- thanks for making that clear, Apple!

To solve that, all you have to do is type this into a Terminal...
cp /etc/httpd/users/*.conf /etc/apache2/users/
Then stop and start personal web sharing, and you should be able to see your sites again. Note that if you messed with your old /etc » httpd » httpd.conf file, then you'll have to move those settings to /etc » apache2 » httpd.conf. Phew. Having this hint would have saved me a few hours, so I hope that it helps you.
    •    
  • Currently 3.00 / 5
  You rated: 4 / 5 (6 votes cast)
 
[30,573 views]  

10.5: Apache 2 site troubles with permissions and folders | 18 comments | Create New Account
Click here to return to the '10.5: Apache 2 site troubles with permissions and folders' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.5: Apache 2 site troubles with permissions and folders
Authored by: malcolmp on Nov 05, '07 05:14:52PM

Thanks, this was really helpful. I had enabled server side includes on Tiger, and they stopped working on Leopard. I didn't realize the new location for the apache 2 config. Added the Includes option and uncommented the .shtml handling (again) in the new config and includes are working again.



[ Reply to This | # ]
Change group ownership of all files?
Authored by: macgruder on Nov 05, '07 07:59:26PM
$ chown -R :staff name_of_home_folder
will change the group ownership of every file and folder in your home which doesn't seem to be necessary for fixing a problem with the Sites folder. Why not:

$ cd
$ chgrp -R staff Sites
[or $ chown -R :staff Sites]


[ Reply to This | # ]
Change group ownership of all files?
Authored by: sgmsbro on Nov 06, '07 06:46:37PM

I submitted this hint. My second anonymous hint. I must learn to wise up and be logged in first.

The reason is that the (Unknown) user is on ALL folders beneath the home directory. This causes a crash in the get info pane when you try to change access rights.

I discovered this by simply creating a new account in Leopard. I noticed the proper access was to username and staff, so if you have that one permission problem on Sites, chances are you have it everywhere else too.



[ Reply to This | # ]
10.5: Apache 2 site troubles with permissions and folders
Authored by: KenDRhyD on Nov 06, '07 06:15:58AM
I did not have the problem with the permissions, as all files were owned by "staff" after the upgrade, but I did have a problem accessing my local site, as you noted.

Copying the .conf file(s) from the original location to the /etc/apache2/users/ folder got rid of that error, but now I get this error: Safari can't open the page "http://172.16.1.200/~krallen/" because it could not connect to the server "172.16.1.200". I can access http::/172.16.1.200/, but not my own site folder.

I also moved one of my test site definition from the /etc/httpd/httpd.conf file to the /private/etc/apache2/extra/httpd-vhosts.conf file, with the following syntax:

<VirtualHost *:80*gt;
   ServerAdmin kendrhyd@sympatico.ca
   DocumentRoot /Users/krallen/Sites/D2TestSite
   ServerName d2.test
</VirtualHost>
When I attempt to access the "d2.test" site, I get the error Safari can't open the page "http://d2.test/" because it can't find the server "d2.test"

I have checked, and the (DHCP) address for my system is 172.16.1.200 (and my account short name is "krallen").

Any ideas what I am doing wrong?

[ Reply to This | # ]

10.5: Apache 2 site troubles with permissions and folders
Authored by: albockiole on Nov 06, '07 06:56:02AM

You'll have to edit your /etc/hosts file (this is where it is in Tiger, should be the same in Leopard) so your computer knows where to direct all traffic to d2.test.

Go to the end of the file and add the following:

# Development virtual hosts
127.0.0.1 d2.test

If you ever decide to add more virtual hosts, just put a space after the last host and add the next one, like so:

# Development virtual hosts
127.0.0.1 d2.test d3.test d4.test d5.test


[ Reply to This | # ]
10.5: Apache 2 site troubles with permissions and folders
Authored by: KenDRhyD on Nov 06, '07 07:48:25AM
I added the entry to /etc/hosts as you suggested and the error went away, but it is not showing the expected page. Instead I am getting the standard "Test Page for Apache installation", which indicates there is something wrong with the Apache configuration!

After stopping and starting web sharing a couple of times, I am now able to view my local web site, but not this virtual site.

[ Reply to This | # ]

10.5: Apache 2 site troubles with permissions and folders
Authored by: yendor on Nov 06, '07 02:48:59PM

> The fix to this is to go into Terminal, and from your home folder, type:
> $ cd ..
> $ chown -R :staff name_of_home_folder

I did this on two Macs before stumbling on what is probably the correct/easiest solution. Unfortunately I don't have any more Macs to upgrade so I can't verify. :(

After copying the users/*.conf files, go to System Preferences > Accounts. At the bottom of the user list on the left side you will see "> Groups". Click the triangle to expand the group list, select the group that matches your shortname, and add yourself to the membership list. Logout and back in and I suspect the permissions problems will be resolved. This will probably fix the "(unknown)" in "Sharing & Permissions" in Finder "Get Info" also.



[ Reply to This | # ]
10.5: Apache 2 site troubles with permissions and folders
Authored by: lapeyre2 on Nov 06, '07 04:07:48PM

the default /private/etc/apache2/httpd.conf has been made against us:
You will find a Deny from all under <Directory /> ( line 177 or alike). Change it to Allow from all.

If this wasn't sufficient, try removing any double quote found on the DocumentRoot + ErrorLog + CustomLog<VirtuaHost> section in /private/etc/apache2/extra/httpd-vhosts.conf.

If nothing is fine at this point adding a <directory /path/to/your/site/folder> section within your <VirtualHost> (in httpd-vhosts.conf again) section could help.

Example :

<VirtualHost *:80>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot /www/docs/dummy-host.example.com
ServerName dummy-host.example.com
ServerAlias www.dummy-host.example.com
ErrorLog /private/var/log/apache2/dummy-host.example.com-error_log
CustomLog /private/var/log/apache2/dummy-host.example.com-access_log common
<Directory /www/docs/dummy-host.example.com>
    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Allow from all
</Directory>
</VirtualHost>



[ Reply to This | # ]
10.5: Apache 2 site troubles with permissions and folders
Authored by: KenDRhyD on Nov 07, '07 03:56:18AM
I have tried all of the changes you suggested, to no avail -- attempts to access my virtual host named "d2.test" simply result in the "Test Page for Apache Installation" being displayed.

I should note that my 'home' page displayed clean even after making the changes you proposed, but I cannot get at the test site directly (which messes up relative path references).

Interestingly enough, since my pages are PHP based, if I enter the URL as d2.test/index.php, I get a 'file not found' page; but if I enter d2.test/index.hrml then the Apache test page is displayed. This would seem to indicate that the virtual host is not being properly referenced, would it not?

Here is my entry from /private/etc/apache2/extra/httpd-vhosts.conf:


<VirtualHost *:80>
	ServerAdmin kendrhyd@sympatico.ca
	DocumentRoot /Users/krallen/Sites/D2TestSite
	ServerName d2.test
	ErrorLog /Users/krallen/Sites/D2TestSite.log
	<Directory /Users/krallen/Sites/D2TestSite>
		Options FollowSymLinks
		AllowOverride None
		Order deny,allow
		Allow from all
	</Directory>
</VirtualHost>


[ Reply to This | # ]
10.5: Apache 2 site troubles with permissions and folders
Authored by: lapeyre2 on Nov 07, '07 11:46:31AM
  1. didn't you forget to uncomment the line Include /private/etc/apache2/extra/httpd-vhosts.conf in httpd.conf ?
  2. did you add the line :
    127.0.0.1	d2.test
    in /private/etc/hosts ?


[ Reply to This | # ]
10.5: Apache 2 site troubles with permissions and folders
Authored by: KenDRhyD on Nov 12, '07 06:02:39AM
I have made the following changes:
  1. Edited /private/etc/hosts to add the line 127.0.0.1 d2.test
  2. Edited /private/etc/apache2/httpd.conf to enable the PHP2 and fast CGI load modules, to change the ServerAdmin to my email address, edited the Directory entry to read Allow from all, and uncommented the line Include /private/etc/apache2/extra/httpd-vhosts.conf. Note that I did not edit the #ServerName www.example.com:80 line, leaving it as original (commented out).
  3. I edited the /private/etc/apache2/extra/httpd-vhosts.conf file to add the entry for my d2.test site, as noted in the earlier posting
Often when I start web sharing and try to visit my default web site, but if I stop and start it again it usually works. So my default (~krallen) web site it loading.

When I enter d2.test as the URL, I get a page that indicates Safari can't open the page "http://d2.test/" because it could not connect to the server "d2.test".

I cannot see that I am missing anything or doing anything wrong, but it will not load the alternate site. Please provide any insights possible.

[ Reply to This | # ]

10.5: Apache 2 site troubles with permissions and folders
Authored by: KenDRhyD on Nov 12, '07 06:20:47AM
Some additional tests reveal that the problem is more odd than I suspected.

As a test, I modified the index.html file in my default site (~krallen) to include a link to the root of my alternate site:

<p><a href='./D2TestSite/index.php'>D2 Test Site link</a></p>
If I leave the Include /private/etc/apache2/extra/httpd-vhosts.conf line commented out, then the link works (except that my page is not host rooted properly, so the code in the page does not work as expected.

If I uncomment the Include /private/etc/apache2/extra/httpd-vhosts.conf line (and stop and restart web sharing), then I almost always get an error when I click on the preferences link to my default site: Safari can't open the page "http://172.16.1.200/~krallen/" because it could not connect to the server "172.16.1.200".. Every once in a while I get the default site to load with the line uncommented, but then that new link fails with a similar error, but the URL now has my alternate site directory appended.

Arrgghh!

[ Reply to This | # ]

10.5: Apache 2 site troubles with permissions and folders
Authored by: KenDRhyD on Nov 16, '07 03:32:48PM
Actually, the problem is more fundamental (but I still do not know how to correct it).

On a new Leopard install, if I enable web sharing, the logged-in user default web page URL works and displays the default page provided by Leopard.

If I edit the /private/etc/apache2/httpd.conf file to uncomment the line that includes the /private/etc/apache2/extra/httpd-vhosts.conf file and then stop and restart web sharing, I cannot access the logged-in user web site! It reports the error that it cannot access the specified server (which is the IP address of the current system).

If I edit the file to comment out that include line and stop and start web sharing once more, then I can again access the logged-in user web site! Why does including the default (provided) version of this file prevent the default web site from loading? Is there something I have to change to permit the logged-in web site to work when this fil eis included?

[ Reply to This | # ]

10.5: Apache 2 site troubles with permissions and folders
Authored by: cagg on Nov 07, '07 07:50:36PM

"...because Tiger ships with Apache2 and activates it..."

sorry to be picky, but I assume you mean Leopard ;-)



[ Reply to This | # ]
10.5: Apache 2 site troubles with permissions and folders
Authored by: riceandfish on Jul 23, '08 01:15:44PM

Hey when I do this on the terminal it keeps telling me permission denied. WHy is that?



[ Reply to This | # ]
10.5: Apache 2 site troubles with permissions and folders
Authored by: Whiterock on Jul 23, '08 01:42:59PM

I had it working until the last system update (10.5.4) and now am refused permission on my own computer. I checked the old fixes and they're still in place. Looks like Apple doesn't want us to have home servers. Can anyone help?

---
Whiterock



[ Reply to This | # ]
10.5: Apache 2 site troubles with permissions and folders
Authored by: jrguitar21 on Nov 13, '08 04:56:11PM

I've migrated a PowerBook G4 with 10.5 to a new MBP (late 2008 model). The User migration changed a few things around and left a lot of things not working. One new thing is this new ":staff" group. Anyway the current state is thus:

The error I'm seeing in the Browser when i try to access one of my symlinked virtual hosts, living in my Sites folder. 403 Forbidden: You don't have permission to access / on this server.

The ~/Sites folder has perms: drwxrwxr-x@ and is owned by "username:staff". It contains a bunch of symlinks to another folder where the html of my project is located, eg,

lrwxr-xr-x 1 username staff 20B Nov 10 17:59 ~/Sites/projectdomain.com.dev@ -> ../Projects/projectname/website/html

I followed all the other steps in this thread, and got my httpd.conf cleared up of all quotations, changed Directory / to Allow from all, basically reverting it to the state it was in on my PB G4. Additionally the /etc/hosts file is setup appropriately to send my .dev urls to 127.0.0.1, and the vhosts are also setup accordingly /etc/apache2/extra/httpd-vhosts.conf Again, All this setup was working fine on my PowerBook with 10.5 + apache2. The only visible difference is that i had to install a new version of entropy php5 (for intel chipset) and the group for all my files has changed from "username" to "staff".

To outline some of the things I've tried to no success:

  • chgrp -R staff ~/Sites ~/Projects
  • remove all quotations from ErrorLog, DocumentRoot, Directory, VirtualHost etc
  • changed <Directory /> ( line 177 or alike) to Allow from all.
  • run apache as User www, Group staff
  • remove the newly added <IfModule !mpm_winnt_module> that now appears inside <IfModule !mpm_netware_module>
Finally, some interesting notes.
  • my symlink Sites setup was and still is working fine on my PowerBook from which I migrated.
  • The 403 Forbidden perms problem only shows up when i have symlinks in Sites. The problem goes away if I actually move the project's "html" folder to reside in ~/Sites. (I dont want to have to do that, it messes up my entire workflow and project organizational folder structure for over 100 projects.)
  • chmod og+w ~/Sites/* has no effect on the symlinks! (dunno if this might help the perms problem or not)
  • If i create an "alias" instead of a unix symlink via Finder's CMD+OPT+Drag, the browser returns 404 Not Found for URL /
  • I have the mod_bonjour enabled on both machines, i dont really use localhost/~username/ to access my ~Sites folder and dont care about it other than this important fact: accessing a symlinked folder (eg http://localhost/~username/projectdomain.com.dev/) works on the MBP, but i get 403 permissions error for the same folder on the old PowerBook (where http://projectdomain.com.dev actually works)! This might be a clue into the problem, but don't know where to look to fix this.
I'm no apache or unix guru, but I know my way around enough to know something is definitely weird here. Your troubleshooting help will be GREATLY appreciated.

---
the journey is the reward

[ Reply to This | # ]

SOLVED, but still there's a bug, Apple.
Authored by: jrguitar21 on Nov 13, '08 05:18:39PM

my last note about how the mod_bonjour works to display the contents of the symlinked folders correctly on the MBP but not on the PowerBook was slightly flawed, but it got me thinking.... KenDRhyD above stated something similar that his problems were fixed as well by changing the staff folder perms, but that now his http://localhost/~username/ (~/Sites folder) doesnt work.

Well, actually its userdir_module, not mod_bonjour that provides that functionality. (At one point I had seen some output in the console that led me to believe mod_bonjour was creating those directories.) ANYWAY, I commented the line circa 111 in /etc/apache2/httpd.conf:


#LoadModule userdir_module libexec/apache2/mod_userdir.so

and circa line 465:


# User home directories
#Include /private/etc/apache2/extra/httpd-userdir.conf

Restarted apache, and now my symlinks work fine, but obviously no ~username/ directory listings now.

---
the journey is the reward

[ Reply to This | # ]