It's hard to find Mac-specific answers to this question on the web, so I'm hoping someone out there can put this one to rest for me? My permissions are screwed up on my sites and I'm not sure how to fix them without just slamming a recursive 777 on everything which is quite obviously incorrect.
Thanks!
This is the most restrictive and safest way I've found, as explained here for hypothetical ~/my/web/root/ directory for your web content:
For each parent directory leading to your web root (e.g. ~/my, ~/my/web, ~/my/web/root):
chmod go-rwx DIR (nobody other than owner can access content)
chmod go+x DIR (to allow "users" including _www to "enter" the dir)
sudo chgrp -R _www ~/my/web/root (all web content is now group _www)
chmod -R go-rwx ~/my/web/root (nobody other than owner can access web content)
chmod -R g+rx ~/my/web/root (all web content is now readable/executable/enterable by _www)
All other solutions leave files open to other local users (who are part of the "staff" group as well as obviously being in the "o"/others group). These users may then freely browse and access DB configurations, source code, or other sensitive details in your web config files and scripts if such are part of your content. If this is not an issue for you, then by all means go with one of the simpler solutions.
If you really don't like the Terminal here is the GUI way to do dkamins is telling you :
1) Go to your user home directory (ludo would be mine) and from the File menu choose Get Info cmdI in the inspector :
2) By alt/option clicking on the [+] sign add the _www group and set it's permission to read-only :
Thus consider (good practice) not storing personnal information at the root of your user home folder (& hard disk) !
You may skip this step if the **everyone** group has **read-only** permission but since AirDrop the **/Public/Drop Box** folder is mostly useless...
3) Show the Get Info inspector of your user Sites folder and reproduce step 2 then from the gear action sub-menu choose Apply to enclosed Items... :
VoilĂ 3 steps and the GUI only way...
I know this is an old post, but for anyone upgrading to Mountain Lion (10.8) and experiencing similar issues, adding FollowSymLinks to your {username}.conf file (in /etc/apache2/users/) did the trick for me. So the file looks like this:
<Directory "/Users/username/Sites/">
Options Indexes MultiViews FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
2 month old thread, but better late than never! On 10.6, I have my webserver documents folder set to:
owner:root
group:_www
permission:755
_www is the user that runs apache under Mac OS X. I then added an ACL to allow full permissions to the Administrators group. That way, I can still make any changes with my admin user without having to authenticate as root.
Also, when I want to allow the webserver to write to a folder, I can simply chmod to 775, leaving everyone other than root:_www with only read/execute permissions (excluding any ACLs that I have applied)
On my 10.6 system:
vhosts folder:
owner:root
group:wheel
permissions:755
vhost.conf files:
owner:root
group:wheel
permissions:644
The user owner for me is the admin user and the group is _www and works with permissions set to 775 for dir and for files 664
Catalina Update / Desktop Permissions
I come across this once a year on macOS. I usually use apache2 for hosting a
folder on my desktop.
If you are trying to give access to the desktop folder you need to follow this to allow httpd to have access to all folders: https://apple.stackexchange.com/a/373139/353465
Open up terminal first and then go to directory of web server
cd /Library/WebServer/Documents
and then type this and what you will do is you will give read and write permission
sudo chmod -R o+w /Library/WebServer/Documents
This will surely work!
Related
I have a website which I copied to this location. The public_html folder was also uploaded with the other folders but it is not showing up. Please guide me. Thanks.
As you are using DreamHost web hosting you wont have any control over ssh and chmod , chown commands. I think dreamhost wont use cPanel for shared hosting, they have their own control panel, so there is nothing you can do, Ask dreamHost support to reinitialize your public_html directory. Surely they will do that. I searched on dreamhost forum and found these link-
https://discussion.dreamhost.com/thread-13646-post-13647.html#pid13647
https://discussion.dreamhost.com/thread-128630.html
Currently in your case i saw that there is no issue related to public_html (technically "Document Root" ) directory coz as your http://www.inspuratesystems.com/second/ is pointing to correct directory , and your documentRoot is parent of that directory, So if your documentRoot was wrong then there were no chance to access that that url, currently your domain is opening a correct index.html file which indicates that your documentRoot is there.
Create a index.html or home.html file there manually (from their web based file manager) and see if it is working or not, if it works then there is some issue with your uploading.
Your hosting provider seems to be dreamhost.com
Please check out this thread, according to which public_html seems to be a special case on dreamhost:
https://discussion.dreamhost.com/thread-144453.html
and/or this:
Getting a 'Not Found' error on my website?
Hope it helps!
Make sure that the public_html folder has execute permissions
chmod a+x public_html
That will allow execute permissions for everybody.
Perhaps it's possible that server (apache?) hides folders named public_html? Also check that group others have read and execute permissions for that folder.
In folder /path/to/second/ run
chmod ugo+rx .
chmod -R ugo+rx public_html
to set folder visible.
cpanel may handle the "public_html" folder in a unique way. Try uploading to a folder like: /home/yourusername/public_html/second/files/ instead of /home/yourusername/public_html/second/public_html/
If you are wanting to create a new distinct website at inspuratesystems.com/second/ you don't need a second "public_html" folder. Just put them in the /home/yourusername/public_html/second directory.
If you are using a linux or OS X server, you may need to change the permissions on the folder.
Did you checked if the folder is hidden attribute?
If you execute ls -a in terminal, you will know about it's existence. If it is present then please try giving it read & execute permission (using chmod 555 command). Give write permission if you are planning to write something or take feedback from users (using chmod 777).
I tried some of this options above but unfortunately none worked. Instead I discovered that in CPanel you have a "Preferences" tab and in that tab you have a "User Manager" function. You can there edit the ftp user that you created before in CPanel. On the "User Manager" funcion you can find the "Home Directory" configuration. On that home directory you just choose the "public_html". When you configure the user in the ftp account on your ftp platform, it goes directly to the path you defined in CPanel.
I am trying to setup my Apache local server. I noticed that my access was denied after I typed localhost into both Safari and Chrome. In Chrome it works but in Safari I given error 403 and told "Forbidden" and "you do not have permission to access / on this server"
So I have tried to modify the permissions of my Webserver directory using chmod in terminal. But even there I am told that the operation is not permitted. Even when attempting ls to view its contents, I am met with "Permission Denied"
I've run into this issue from a couple of different angles on OS X. It seems as if you are having a permissions error.
I suggest you check out this post, what you need to do is make sure the _www group has access.But, BEFORE YOU DO WHAT THE ABOVE LINK SAYS, try a solution with Finder.
Go to the root web directory in your finder.
Right-click and 'Get Info'.
Look at the permission of the _www user. Make sure it has 'Read & Write' access.
Click the settings-cog on while _www is selected.
Select the following options: "Make _www the owner" and "Apply to enclosed items..."
Try accessing your web server now.
If this does not work, or if there is no _www user, revert back to the post I spoke of earlier.
Try the suggested lines in terminal:
Let DIR be the different directories leading to your website. Replace "~" with the full directory path.
For each parent directory leading to your web root (e.g. ~/my, ~/my/web, ~/my/web/root)
chmod go-rwx DIR (nobody other than owner can access content)
chmod go+x DIR (to allow "users" including _www to "enter" the dir)
Then apply these commands to just the web root.
sudo chgrp -R _www ~/my/web/root (all web content is now group _www)
chmod -R go-rwx ~/my/web/root (nobody other than owner can access web content)*
chmod -R g+rx ~/my/web/root (all web content is now readable/executable/enterable by _www)
Try to access your website again. If this doesn't work, go back to finder and try to add add the permissions again as stated in the first part of this post.
If you are using Server for OS X you may also enable and edit sharing properties for other users and FTP.
I have solved my problem with a simple fix:
Open "Disk Utilities" from the "Utilities" folder in "Applications"
Click on the root drive
Click "repair permissions"
Done
Despite the fact that I explicitly allow any permissions, Apache refuses to give public access to my folder
Alias /projects "/Users/username/projects"
<Directory "/Users/username/projects">
Options All
AllowOverride All
Order allow,deny
Allow from all
</Directory>
On Windows, this configuration (with the proper path, of course) works just fine.
What could be the problem?
You need to check file permissions as well. Open terminal:
CD to that directory.
Find out what the userid of the apache process is (typically _www on OS X). You can further verify this by sudo more /etc/passwd.
Find the permissions of that directory. You want _www (Apache user) or world to be able to read at least. ls -la |more will give you ownership and permissions look for projects.
Change either the ownership (chown) or the permissions (chmod +rx) on the directory. I'm not going to give you the command, because if it's wrong, you could really screw up that directory.
If this stuff is foreign to you, try man chown and man chmod from commandline.
I have a file in my ~/Sites directory that works fine when I browse to it through coderama.local/~coderama/index2.php
Now I want to get tricky and move my index2.php file to somewhere else on my system, so I do this by creating a symbolic link. However, when I try to access coderama.local/~coderama/index2.php I now get the following error.
Any ideas anyone?
Thanks!
Forbidden
You don't have permission to access /~coderama/index2.php on this server.
That's a configurable Apache option. It appears that by default on Macs (and probably most installations) Apache is configured to not follow symbolic links. I'm guessing (as others mention above) that it's for security purposes.
But it can be really convenient at times to enable following of symbolic links, particularly during development of certain kinds of apps. What you need to do is 1) change the Apache configuration to allow the following of symbolic links, and then 2) restart Apache.
The configuration step is performed as follows:
a) cd /etc/apache2 (this is where Apache's configuration files are by default on a Mac)
b) you'll see a couple of directories here. One is called users
c) cd users
d) ls should reveal a .conf file with your login name (login.conf) I'm "marvo" so mine is named "marvo.conf"
e) Edit this file (I use vi) -- but you have to do it using sudo:
sudo vi marvo.conf
f) You'll see something like
<Directory "/Users/marvo/Sites/">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
g) Add the "FollowSymLinks" option so that the second line of that .conf file looks like:
Options Indexes MultiViews FollowSymLinks
(You can find other configuration options out there on the 'net. I found this page: http://httpd.apache.org/docs/2.0/mod/core.html#directory )
h) Save the file.
Now you have to restart Apache so that it picks up the configuration change. Googling around a bit, I found that this is most easily done from the command line with the following command:
sudo /usr/sbin/apachectl restart
(Found that at http://mcapewell.wordpress.com/2006/09/22/restart-apache-in-mac-os-x/ )
Now that symbolic link should work just fine on your Sites pages.
Had the same issue. Unfortunately, Marvo's answer wasn't enough.
The problem lies with the permissions set on every folder in the path, starting from ~/. The directories needs the execute flag set to be able to recurse the directory tree. So, in my case, I symlinked a theme folder from ~/Dropbox/projects/theme to a wordpress install on ~/Site/wordpress.
The answer was:
chmod a+x ~/Dropbox/
chmod a+rx ~/Dropbox/projects
This is an old issue, but if anyone reaches this page, it might be useful. :)
Seems like a security issue (also suggested by Matt)
http://discussions.apple.com/thread.jspa?threadID=1771399
I don't remember the specific reason why, but it doesn't work. It's a security issue. You can use XAMPP http://www.apachefriends.org/en/xampp-macosx.html or MAMP http://www.mamp.info/en/index.html to get around this.
In addition to Marvo's answer. What helped me was to Change the permission on Documents folder:
cd ~
chmod a+rx Documents/
Also make sure you have a directive in your httpd-vhosts.conf
Otherwise you get the same '403 forbidden in the browser', with 'the client denied by server configuration in the error log.
After joomla upload to ftp . how many folder needed mode 777 need enable to working joomla without any error.
Depending on the security configuration of your Web server the recommended default permissions of 755 for directories and 644 for files should be reasonably secure.
source: http://docs.joomla.org/What_are_the_recommended_file_and_directory_permissions%3F
Only bad hosting providers will require you to set permissions to 777. If you have to do that, or are told to do that by your host, save yourself and get a better host. I don't deal with clients on hosts like that, because its the source of a LOT of security issues.
never use 777 but use 755.
755 only for writeable folders like components, modules, templates, caches and images.
except for that .. set to 664
None.
Joomla 1.5 contains an option that uses your FTP account and password to write to files it needs to write to. Enable that and none of them need to be world writeable.
You can check which folders to chmod in system check of your joomla admin
The only file that needs to be writable is configuration.php. It should be set to 666.
You can find the list of folders by going to the Joomla admin area (the 'administrator' folder in your Joomla installation). Go to Help > System info in the menu then click Directory permissions. This page tells you whether they are writable or not. Folders should be set to 777.
To solve installation errors I have found setting the following directories to 777 to be very convenient BUT EXTREMELY UNSAFE.
/administrator/backups/
/administrator/components/
/administrator/language/
/administrator/language/en-GB/
/administrator/language/nl-NL/
/administrator/modules/
/administrator/templates/
/components/
/images/
/images/banners/
/images/stories/
/language/
/language/en-GB/
/language/nl-NL/ or other lang
/language/pdf_fonts/
/modules/
/plugins/
/plugins/content/
/plugins/editors/
/plugins/editors-xtd/
/plugins/search/
/plugins/system/
/plugins/user/
/plugins/xmlrpc/
/tmp/
/templates/
/cache/