Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the '10.5: Apache 2 site troubles with permissions and folders' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.5: Apache 2 site troubles with permissions and folders
Authored by: jrguitar21 on Nov 13, '08 04:56:11PM

I've migrated a PowerBook G4 with 10.5 to a new MBP (late 2008 model). The User migration changed a few things around and left a lot of things not working. One new thing is this new ":staff" group. Anyway the current state is thus:

The error I'm seeing in the Browser when i try to access one of my symlinked virtual hosts, living in my Sites folder. 403 Forbidden: You don't have permission to access / on this server.

The ~/Sites folder has perms: drwxrwxr-x@ and is owned by "username:staff". It contains a bunch of symlinks to another folder where the html of my project is located, eg,

lrwxr-xr-x 1 username staff 20B Nov 10 17:59 ~/Sites/projectdomain.com.dev@ -> ../Projects/projectname/website/html

I followed all the other steps in this thread, and got my httpd.conf cleared up of all quotations, changed Directory / to Allow from all, basically reverting it to the state it was in on my PB G4. Additionally the /etc/hosts file is setup appropriately to send my .dev urls to 127.0.0.1, and the vhosts are also setup accordingly /etc/apache2/extra/httpd-vhosts.conf Again, All this setup was working fine on my PowerBook with 10.5 + apache2. The only visible difference is that i had to install a new version of entropy php5 (for intel chipset) and the group for all my files has changed from "username" to "staff".

To outline some of the things I've tried to no success:

  • chgrp -R staff ~/Sites ~/Projects
  • remove all quotations from ErrorLog, DocumentRoot, Directory, VirtualHost etc
  • changed <Directory /> ( line 177 or alike) to Allow from all.
  • run apache as User www, Group staff
  • remove the newly added <IfModule !mpm_winnt_module> that now appears inside <IfModule !mpm_netware_module>
Finally, some interesting notes.
  • my symlink Sites setup was and still is working fine on my PowerBook from which I migrated.
  • The 403 Forbidden perms problem only shows up when i have symlinks in Sites. The problem goes away if I actually move the project's "html" folder to reside in ~/Sites. (I dont want to have to do that, it messes up my entire workflow and project organizational folder structure for over 100 projects.)
  • chmod og+w ~/Sites/* has no effect on the symlinks! (dunno if this might help the perms problem or not)
  • If i create an "alias" instead of a unix symlink via Finder's CMD+OPT+Drag, the browser returns 404 Not Found for URL /
  • I have the mod_bonjour enabled on both machines, i dont really use localhost/~username/ to access my ~Sites folder and dont care about it other than this important fact: accessing a symlinked folder (eg http://localhost/~username/projectdomain.com.dev/) works on the MBP, but i get 403 permissions error for the same folder on the old PowerBook (where http://projectdomain.com.dev actually works)! This might be a clue into the problem, but don't know where to look to fix this.
I'm no apache or unix guru, but I know my way around enough to know something is definitely weird here. Your troubleshooting help will be GREATLY appreciated.

---
the journey is the reward

[ Reply to This | # ]

SOLVED, but still there's a bug, Apple.
Authored by: jrguitar21 on Nov 13, '08 05:18:39PM

my last note about how the mod_bonjour works to display the contents of the symlinked folders correctly on the MBP but not on the PowerBook was slightly flawed, but it got me thinking.... KenDRhyD above stated something similar that his problems were fixed as well by changing the staff folder perms, but that now his http://localhost/~username/ (~/Sites folder) doesnt work.

Well, actually its userdir_module, not mod_bonjour that provides that functionality. (At one point I had seen some output in the console that led me to believe mod_bonjour was creating those directories.) ANYWAY, I commented the line circa 111 in /etc/apache2/httpd.conf:


#LoadModule userdir_module libexec/apache2/mod_userdir.so

and circa line 465:


# User home directories
#Include /private/etc/apache2/extra/httpd-userdir.conf

Restarted apache, and now my symlinks work fine, but obviously no ~username/ directory listings now.

---
the journey is the reward

[ Reply to This | # ]