I have a file in my ~/Sites directory that works fine when I browse to it through coderama.local/~coderama/index2.php
Now I want to get tricky and move my index2.php file to somewhere else on my system, so I do this by creating a symbolic link. However, when I try to access coderama.local/~coderama/index2.php I now get the following error.
Any ideas anyone?
Thanks!
Forbidden
You don't have permission to access /~coderama/index2.php on this server.
That's a configurable Apache option. It appears that by default on Macs (and probably most installations) Apache is configured to not follow symbolic links. I'm guessing (as others mention above) that it's for security purposes.
But it can be really convenient at times to enable following of symbolic links, particularly during development of certain kinds of apps. What you need to do is 1) change the Apache configuration to allow the following of symbolic links, and then 2) restart Apache.
The configuration step is performed as follows:
a) cd /etc/apache2 (this is where Apache's configuration files are by default on a Mac)
b) you'll see a couple of directories here. One is called users
c) cd users
d) ls should reveal a .conf file with your login name (login.conf) I'm "marvo" so mine is named "marvo.conf"
e) Edit this file (I use vi) -- but you have to do it using sudo:
sudo vi marvo.conf
f) You'll see something like
<Directory "/Users/marvo/Sites/">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
g) Add the "FollowSymLinks" option so that the second line of that .conf file looks like:
Options Indexes MultiViews FollowSymLinks
(You can find other configuration options out there on the 'net. I found this page: http://httpd.apache.org/docs/2.0/mod/core.html#directory )
h) Save the file.
Now you have to restart Apache so that it picks up the configuration change. Googling around a bit, I found that this is most easily done from the command line with the following command:
sudo /usr/sbin/apachectl restart
(Found that at http://mcapewell.wordpress.com/2006/09/22/restart-apache-in-mac-os-x/ )
Now that symbolic link should work just fine on your Sites pages.
Had the same issue. Unfortunately, Marvo's answer wasn't enough.
The problem lies with the permissions set on every folder in the path, starting from ~/. The directories needs the execute flag set to be able to recurse the directory tree. So, in my case, I symlinked a theme folder from ~/Dropbox/projects/theme to a wordpress install on ~/Site/wordpress.
The answer was:
chmod a+x ~/Dropbox/
chmod a+rx ~/Dropbox/projects
This is an old issue, but if anyone reaches this page, it might be useful. :)
Seems like a security issue (also suggested by Matt)
http://discussions.apple.com/thread.jspa?threadID=1771399
I don't remember the specific reason why, but it doesn't work. It's a security issue. You can use XAMPP http://www.apachefriends.org/en/xampp-macosx.html or MAMP http://www.mamp.info/en/index.html to get around this.
In addition to Marvo's answer. What helped me was to Change the permission on Documents folder:
cd ~
chmod a+rx Documents/
Also make sure you have a directive in your httpd-vhosts.conf
Otherwise you get the same '403 forbidden in the browser', with 'the client denied by server configuration in the error log.
Related
I'm running El Capitan and trying to get my website hosted locally for development with Apache (that came with the OS). I followed the instructions here exactly. I made an anthony.conf file and put the Directory text in there, I replaced the actual directory with /Users/anthony/dev/web/unfinished-asteroids/ and then placed my web files in there. I started apache and navigated for localhost/~anthony but I get the
Not Found: The requested URL /~anthony was not found on this server.
standard 404 error. When I navigate to localhost it works fine and I get the "It works" from the index.html that is located in /Library/WebServer/Documents, I even changed that index.html file and it works fine.
Any ideas why I'm not able to see my website using apache? All I did was download this github repository and place it in my unfinished-asteroids folder, the index.html is at the root.
So it looks like there are a couple of extra steps that you need to do. There isn't really anything too special about apache that comes with OSX, so your standard apache configurations will work. but to get Userdir (~username) working on El Capitan,this is what I had to do
Edit /etc/apache2/httpd.conf
on (or near) line 166, uncomment
loadModule userdir_module libexec/apache2/mod_userdir.so
then on line 493 uncomment
Include /private/etc/apache2/extra/httpd-userdir.conf
then edit file /etc/apache2/extra/httpd-userdir.conf
uncomment line 16
Include /private/etc/apache2/users/*.conf
then in /etc/apache2/users/anthony.conf
<Directory "/Users/anthony/Sites/">
Options Indexes MultiViews
Require all granted
</Directory>
then sudo apachectl restart
That should make http://localhost/~anthony point to your sites directory.
Logs are stored in /var/log/apache2
Now if all you want is web access to say your dev directory you can do something like this.. (don't make any of the changes listed above)
in /etc/apache2/other/ create a file called mydev.conf (name doesn't really matter, save it needs to end in .conf')
and put this in that file
Alias /dev /Users/anthony/dev/
<Directory "/Users/anthony/dev">
Options Indexes MultiViews
Require all granted
</Directory>
and reload apache (sudo apachectl restart)
then you will be able to access your dev folder at http://localhost/dev and should be able to access your page at http://localhost/dev/web/unfinished-asteroids/
you can adjust the paths at will above, just need to make sure that the user or group _www has access to it, and that paths in the alias and the directory match.
I just upgraded from Yosemite to El Capitan but unfortunately forgot to copy my old httpd.conf and now i need to configure all of its settings again.
I already changed the documentroot to the previous one /users/admin/www, and also configured to release access to this folder:
<Directory "/users/admin/www">
Options Indexes MultiViews FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
Restarted Apache but even this way I get the 'Forbidden' error when trying to access 127.0.0.1.
What am I'm missing here?
Do the following:
Open Terminal
Run:
cd /etc/apache2/
sudo mv httpd.conf httpd.conf.OLD
sudo mv httpd.conf~previous httpd.conf
sudo apachectl restart
After spending 3 hours on the issue - this worked for me!
I just found out that the old .conf file is saved during the El Captain update, in this folder :
/private/etc/apache2/httpd.conf.pre-update
So i just copied the old definitions to the new one :)
You can navigate to /private/etc/apache2/ and then diff httpd.conf httpd.conf.pre-update to see the differences between your old conf file and the new one that's been added.
For me there was a lot of LoadModules lines commented out, and my apache user/group had been changed back to _www
I am not familiar with the changes in Apache 2.4 so this one really stumped me for about 30 minutes. I just upgraded from Mavericks to El Capitan (Apache 2.2 to 2.4) and I could not load my personal Sites directory (http://localhost/~{username}. I kept getting "Forbidden". After a good bit of research I found that I needed to modify /etc/apache2/users/{username}.conf to add "Require all granted". Since I never upgraded to Yosemite (which also uses Apache 2.4) I never stumbled across this one.
I hope this info helps somebody
Updating the directory access control worked for me:
In this example, all requests are allowed.
2.2 configuration:
Order allow,deny Allow from all
2.4 configuration:
Require all granted
Source: http://httpd.apache.org/docs/trunk/upgrading.html (under Access control)
Note: I keep my custom settings separately under /private/etc/apache2/other/.
This helped as well (after doing everything else as well):
http://coolestguidesontheplanet.com/forbidden-403-you-dont-have-permission-to-access-username-on-this-server/
Like #delphirules said, you can copy your old httpd.conf file like so:
sudo cp /etc/apache2/httpd.conf.pre-update /etc/apache2/httpd.conf
I’ve had issues with connecting to my localhost all day but finally found this: https://mallinson.ca/web-development-with-el-capitan/
Just run the copy command and then do a sudo apachectl restart
I’ve also disabled the SIP ( System Integrity Protection ) in recovery mode. I don’t know if it actually did anything though.. You can find those instructions here: https://forums.developer.apple.com/thread/3981
I had a similar issue receiving a 404 error back when trying to access pages in my local sites directory after enabling myself at the user level to serve sites after upgrading to El Capitan. The issue was that Apache reset the httpd.conf file to its default which disables the user folders to load files from. So http://localhost loaded fine but http://localhost/~username/index.html would NOT load. Here's the fix:
back up the "new" config file that was created:
sudo cp /etc/apache2/httpd.conf /etc/apache2/httpd.conf_capitan
restore the "old" config file that was renamed:
sudo cp /etc/apache2/httpd.conf~previous /etc/apache2/httpd.conf
In case you have symlinks to some of your projects in DocumentRoot directory, after upgrade to El Capitan you can get 403 for these projects, like I did.
You will need the following things to make them work again:
1) Your apache user (_www by default) should have execute access to directory that houses a directory to which you link to.
In my case in apache DocumentRoot I had:
MyProject -> /Users/Me/Documents/Aptana Studio 3 Workspace/MyProject
And for some reason access settings for
/Users/Me/Documents/Aptana Studio 3 Workspace/MyProject
were
-rw------- 1 Me staff My guess it was set during OS x upgrade.
So after sudo chmod 755 Aptana\ Studio\ 3\ Workspace error was resolved.
2) As upgrade also changes httpd.conf, make sure you have this for DocumentRoot directory, or restore from backup httpd.conf as suggested above:
Options Indexes FollowSymLinks
If you upgraded from Mavericks or earlier OS x and restored backup httpd.conf, you should, as jcfranko said, replace apache 2.2 setting for request allowance with:
Require all granted
Create a symlink in your /Users/{user name}/Sites folder
ln -s /Path/To/Target/Files /Users/{user name}/Sites/{name}
Despite the fact that I explicitly allow any permissions, Apache refuses to give public access to my folder
Alias /projects "/Users/username/projects"
<Directory "/Users/username/projects">
Options All
AllowOverride All
Order allow,deny
Allow from all
</Directory>
On Windows, this configuration (with the proper path, of course) works just fine.
What could be the problem?
You need to check file permissions as well. Open terminal:
CD to that directory.
Find out what the userid of the apache process is (typically _www on OS X). You can further verify this by sudo more /etc/passwd.
Find the permissions of that directory. You want _www (Apache user) or world to be able to read at least. ls -la |more will give you ownership and permissions look for projects.
Change either the ownership (chown) or the permissions (chmod +rx) on the directory. I'm not going to give you the command, because if it's wrong, you could really screw up that directory.
If this stuff is foreign to you, try man chown and man chmod from commandline.
I have Linux Ubuntu 10.10 and when i run the below in a terminal:
php -i | grep php.ini
I got the loaded Configuration File => /etc/php5/cli/php.ini
While if I use phpinfo() in the browser it will be:
Loaded Configuration File /etc/php5/apache2/php.ini
Which means that there are different ini files according to php_sapi_name!!
now the question is how can i set the same php.ini for all user agents (browser, cli, etc) without copying the same file to different locations!?
I don't think setting all the different php contexts to use the same config is a good idea in the first place but if you really want to, you could just have one php.ini and all the others be symbolic links.
I don't think there is a way to change php's behavior as to which file it will include without at the very least recompiling it.
sometimes you can have more than one php.ini to manage different interfaces or websites
for example you can have different php.ini for each website you host on your server by setting PHPINIDir in your virtualhost as below
<VirtualHost 10.24.11.2:80>
ServerName foo.com
ServerAlias www.foo.com
PHPINIDir /var/www/html/foo
</VirtualHost>
however, if you like to make only one php.ini for all interfaces, the only way is to use symlinks as below:
ln -s /etc/php5/cli/php.ini /etc/php5/apache2/php.ini
You could use symlinks.
ln -s /etc/php5/cli/php.ini /etc/php5/apache2/php.ini
What about replacing one of them with a symlink?
You can use symlinks (Apache is using this technique for sites-available and sites-enabled).
So navigate to
cd /etc/php5/
and copy your desired php.ini file there, then navigate to cli/ and apache2/ - remove php.ini (mv or rm it) and then run
cd /etc/php5/apache2
mv php.ini php.ini.bkp
ln -s php.ini ../php.ini
This will create a symlink to php.ini in your /etc/php5/apache2/ and /etc/php5/cli/ folders.
Note: It is a good practice to have diff. php.ini files, for cli there are few extensions that are not loadable and much more. :)
It's hard to find Mac-specific answers to this question on the web, so I'm hoping someone out there can put this one to rest for me? My permissions are screwed up on my sites and I'm not sure how to fix them without just slamming a recursive 777 on everything which is quite obviously incorrect.
Thanks!
This is the most restrictive and safest way I've found, as explained here for hypothetical ~/my/web/root/ directory for your web content:
For each parent directory leading to your web root (e.g. ~/my, ~/my/web, ~/my/web/root):
chmod go-rwx DIR (nobody other than owner can access content)
chmod go+x DIR (to allow "users" including _www to "enter" the dir)
sudo chgrp -R _www ~/my/web/root (all web content is now group _www)
chmod -R go-rwx ~/my/web/root (nobody other than owner can access web content)
chmod -R g+rx ~/my/web/root (all web content is now readable/executable/enterable by _www)
All other solutions leave files open to other local users (who are part of the "staff" group as well as obviously being in the "o"/others group). These users may then freely browse and access DB configurations, source code, or other sensitive details in your web config files and scripts if such are part of your content. If this is not an issue for you, then by all means go with one of the simpler solutions.
If you really don't like the Terminal here is the GUI way to do dkamins is telling you :
1) Go to your user home directory (ludo would be mine) and from the File menu choose Get Info cmdI in the inspector :
2) By alt/option clicking on the [+] sign add the _www group and set it's permission to read-only :
Thus consider (good practice) not storing personnal information at the root of your user home folder (& hard disk) !
You may skip this step if the **everyone** group has **read-only** permission but since AirDrop the **/Public/Drop Box** folder is mostly useless...
3) Show the Get Info inspector of your user Sites folder and reproduce step 2 then from the gear action sub-menu choose Apply to enclosed Items... :
Voilà 3 steps and the GUI only way...
I know this is an old post, but for anyone upgrading to Mountain Lion (10.8) and experiencing similar issues, adding FollowSymLinks to your {username}.conf file (in /etc/apache2/users/) did the trick for me. So the file looks like this:
<Directory "/Users/username/Sites/">
Options Indexes MultiViews FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
2 month old thread, but better late than never! On 10.6, I have my webserver documents folder set to:
owner:root
group:_www
permission:755
_www is the user that runs apache under Mac OS X. I then added an ACL to allow full permissions to the Administrators group. That way, I can still make any changes with my admin user without having to authenticate as root.
Also, when I want to allow the webserver to write to a folder, I can simply chmod to 775, leaving everyone other than root:_www with only read/execute permissions (excluding any ACLs that I have applied)
On my 10.6 system:
vhosts folder:
owner:root
group:wheel
permissions:755
vhost.conf files:
owner:root
group:wheel
permissions:644
The user owner for me is the admin user and the group is _www and works with permissions set to 775 for dir and for files 664
Catalina Update / Desktop Permissions
I come across this once a year on macOS. I usually use apache2 for hosting a
folder on my desktop.
If you are trying to give access to the desktop folder you need to follow this to allow httpd to have access to all folders: https://apple.stackexchange.com/a/373139/353465
Open up terminal first and then go to directory of web server
cd /Library/WebServer/Documents
and then type this and what you will do is you will give read and write permission
sudo chmod -R o+w /Library/WebServer/Documents
This will surely work!