14

On my Mac OS 10.5 machine, I would like to set up a subfolder of ~/Documents like ~/Documents/foo/html to be http://localhost/foo.

The first thing I thought of doing is using Alias as follows:

Alias /foo /Users/someone/Documents/foo/html

<Directory "/Users/someone/Documents/foo/html">
    Options Indexes FollowSymLinks MultiViews

    Order allow,deny
    Allow from all
</Directory>

This got me 403 Forbidden. In the error_log I got:

[error] [client ::1] (13)Permission denied: access to /foo denied

The subfolder in question has chmod 755 access. I've tried specifying likes like http://localhost/foo/test.php, but that didn't work either. Next, I tried the symlink route.

Went into /Library/WebServer/Documents and made a symlink to ~/Documents/foo/html. The document root has

Options Indexes FollowSymLinks MultiViews

This still got me 403 Forbidden:

Symbolic link not allowed or link target not accessible: /Library/WebServer/Documents/foo

What else do I need to set this up?

Solution:

$ chmod 755 ~/Documents

In general, the folder to be shared and all of its ancestor folder needs to be viewable by the www service user.

Eugene Yokota
  • 1,899
  • 3
  • 17
  • 12
  • Thanks so much for posting this solution - this really helped me out after spending ages looking for the answer – Tomba Jan 31 '12 at 13:55

5 Answers5

24

I'll bet that some directory above the one you want to access doesn't have permissions to allow Apache to traverse it. Become the user that Apache is running as (sudo -i -u apache or whatever), then try to change into the directory of interest and ls it. If you can't (as expected), then try getting into the directories above it, one by one, until one lets you in. The subdirectory of that is that one that needs to have o+x set. Lather, rinse, repeat as required.

womble
  • 95,029
  • 29
  • 173
  • 228
  • 1
    Yes, if 'Sites' is working, you probably have a right problem on Documents, if 'Sites' is not working you probably have a right problem on your user directory (this can appends with filevault) – radius Jun 29 '09 at 01:37
  • 1
    ~/Documents was 700. – Eugene Yokota Jun 29 '09 at 01:40
  • If I run `sudo -i -u _www` on OS X (since the Apache user is _www by in the default apache config on OS X), then I do `whoami`, I still get my username, not _www – Jason S Nov 02 '13 at 06:12
  • To fully change to another user with sudo, I use '-' by itself: `sudo - www-data` (for Ubuntu). – Alexis Wilke Nov 02 '13 at 22:31
2

Use +FollowSymlinks

Alias /foo /Users/someone/Documents/foo/html

<Directory "/Users/someone/Documents/foo/html">
    Options +Indexes +FollowSymLinks +MultiViews

    Order allow,deny
    Allow from all
</Directory>
Dave Cheney
  • 18,307
  • 7
  • 48
  • 56
  • According to http://httpd.apache.org/docs/2.0/en/mod/core.html#options, "if all the options on the Options directive are preceded by a + or - symbol, the options are merged." How is that going to help ~/Documents being 700? – Eugene Yokota Jun 29 '09 at 04:16
  • AFAIK FollowSymLinks does not enable the option, only allows it to be enabled in at a lower level of the directory hierarchy. – Dave Cheney Jun 29 '09 at 04:52
  • 1
    This was the correct answer for me. I modified the conf file in /etc/apache2/users, and allowed FollowSymLinks (without the +). Remember to restart. – superluminary May 29 '12 at 14:57
1

Check to ensure that file vault isn't enabled. I had the same problem. I tried everything else I could find. Nothing worked. But after an hour of trying to figure this out, I recalled that I had file vault enabled.

Disabling it resolved the problem.

Bob
  • 11
  • 1
1

Check the symlink ownership. Since you're on Mac OS X, then symlink owners can be changed. In /Library/WebServer/Documents do ls -l

If your symlink to ~/Documents/foo/html is called foo and has permissions like

lrwxr-xr--  1 root  wheel 27  2 Nov 17:00 foo -> /Users/username/Documents/foo/html

Then by default on OS X Apache runs as the _www user and _www group, so in the above mentioned case it won't be able to traverse the symlink to ~/Documents/foo/html

Run man 8 chown on your system terminal, or look at it online man chown

You will see that using the -h option will change the ownership of the symlink itself, rather than the file it points to (it's source). Then you can do something like

sudo chown -h :_www foo

This will change the simlink to

lrwxr-xr--  1 root  _www 27  2 Nov 17:02 foo -> /Users/username/Documents/foo/html

and the Apache _www group will be able to traverse the link.

Jason S
  • 403
  • 4
  • 6
0

Check your /Users directory (ls -l /Users) to see rights on your user (someone).
Also is the 'Sites' directory correctly available on localhost/~someone ?

radius
  • 9,545
  • 23
  • 45