osx - Permissions for 'Sites' folder (apache) are wrong
2014-04
My head is a bit mashed over this.
I have moved from MAMP to using Mac's own AMP stack, and have got it working, but just CANNOT get the directory permissions right.
My localhost points to ~/Sites
and my username appears to be user
(in that in the terminal is shows up as user at MacBookPro in ~ $
). I also seem to have a group called staff
.
I have checked that the user group is set in /private/etc/apache2/httpd.conf
(about line 120) as
User _www
Group _www
The Problem:
Whenever I try and access a URL like localhost/_Projects/fresh2/public/index.php
I get a 403 Forbidden error. (This would be the path to my Laravel project).
It looks like I have the opposite of what I want set up, as I can easily see into the localhost/_Projects/fresh2/app/config/
directory and see all these files as a directory listing in my browser, but the one folder that I would expect to see (`public') isn't there (I'm guessing this is down to the permissions).
NOTE: When I run a 'server' via Command line php artisan serve
within this Laravel project then I can run the project's index.php and it works at I would expect the app to work, with no permission issues. (But I also use this folder to house other PHP apps (like Codeigniter) so I need to access it via a URL)
Folder Permissions
I have run ls -l
within the root of this project folder and this is what I see:
drwxr-xr-x+ 16 user _www 544 24 Jan 13:19 .
drwxr-x---+ 5 user _www 170 24 Jan 18:50 ..
-rw-r--r--+ 1 user _www 11 19 Jan 02:14 .gitattributes
-rw-r--r--+ 1 user _www 103 19 Jan 02:14 .gitignore
-rw-r--r--+ 1 user _www 145 19 Jan 02:14 CONTRIBUTING.md
drwxr-xr-x+ 14 user _www 476 19 Jan 02:14 app
-rwxr-xr-x+ 1 user _www 2451 19 Jan 02:14 artisan
drwxr-xr-x+ 5 user _www 170 19 Jan 02:14 bootstrap
drwxr-xr-x+ 7 user _www 238 24 Jan 13:19 components
-rw-r--r--+ 1 user _www 787 24 Jan 13:19 composer.json
-rw-r--r--+ 1 user _www 64982 24 Jan 13:20 composer.lock
-rw-r--r--+ 1 user _www 566 19 Jan 02:14 phpunit.xml
drwxr-xr-x+ 7 user _www 238 19 Jan 02:14 public
-rw-r--r--+ 1 user _www 1795 19 Jan 02:14 readme.md
-rw-r--r--+ 1 user _www 519 19 Jan 02:14 server.php
drwxr-xr-x+ 27 user _www 918 24 Jan 13:20 vendor
What might I be doing wrong? What other info can I provide?
Give ownership to apache user for all files. Here the apache user is _www
and try. Use chown
for changing ownership. The command will look like something below.
chown _www:_www -R fldername
. Here the folder might be the DocumentRoot
of your project.
I was wondering if it's normal that the root directory / should be owned by “root”.
I get asked for my password every time I want to do something there (e.g. save a file, create a directory) and I don't remember this happening before (though this may just be my faulty memory).
Here's the relevant terminal output:
MacBook:~ ago$ ls -lah /
total 37311
drwxr-xr-x@ 35 root staff 1,2K 22 Mar 12:34 .
drwxr-xr-x@ 35 root staff 1,2K 22 Mar 12:34 ..
-rw-rw-r--@ 1 root admin 21K 22 Mar 10:21 .DS_Store
drwx------ 3 root admin 102B 28 Feb 2008 .Spotlight-V100
d-wx-wx-wt 2 root admin 68B 31 Ago 2009 .Trashes
-rw-r--r--@ 1 ago 501 45K 23 Gen 2008 .VolumeIcon.icns
srwxrwxrwx 1 root staff 0B 22 Mar 12:34 .dbfseventsd
---------- 1 root admin 0B 23 Giu 2009 .file
drwx------ 27 root admin 918B 22 Mar 10:55 .fseventsd
-rw-r--r--@ 1 ago admin 59B 30 Ott 2007 .hidden
-rw------- 1 root wheel 320K 30 Nov 11:42 .hotfiles.btree
drwxr-xr-x@ 2 root wheel 68B 18 Mag 2009 .vol
drwxrwxr-x+ 276 root admin 9,2K 19 Mar 18:28 Applications
drwxrwxr-x@ 21 root admin 714B 14 Nov 12:01 Developer
drwxrwxr-t+ 74 root admin 2,5K 18 Dic 22:14 Library
drwxr-xr-x@ 2 root wheel 68B 23 Giu 2009 Network
drwxr-xr-x 4 root wheel 136B 13 Nov 17:49 System
drwxr-xr-x 6 root admin 204B 31 Ago 2009 Users
drwxrwxrwt@ 4 root admin 136B 22 Mar 12:35 Volumes
drwxr-xr-x@ 39 root wheel 1,3K 13 Nov 17:44 bin
drwxrwxr-t@ 2 root admin 68B 23 Giu 2009 cores
dr-xr-xr-x 3 root wheel 5,1K 17 Mar 11:29 dev
lrwxr-xr-x@ 1 root wheel 11B 31 Ago 2009 etc -> private/etc
dr-xr-xr-x 2 root wheel 1B 17 Mar 11:30 home
drwxrwxrwt@ 3 root wheel 102B 31 Ago 2009 lost+found
-rw-r--r--@ 1 root wheel 18M 3 Nov 19:40 mach_kernel
dr-xr-xr-x 2 root wheel 1B 17 Mar 11:30 net
drwxr-xr-x@ 3 root admin 102B 24 Nov 2007 opt
drwxr-xr-x@ 6 root wheel 204B 31 Ago 2009 private
drwxr-xr-x@ 64 root wheel 2,1K 13 Nov 17:44 sbin
lrwxr-xr-x@ 1 root wheel 11B 31 Ago 2009 tmp -> private/tmp
drwxr-xr-x@ 17 root wheel 578B 12 Set 2009 usr
lrwxr-xr-x@ 1 root wheel 11B 31 Ago 2009 var -> private/var
Are these ownerships / permissions ok? Should I chmod/chown something?
Thanks in advance
I just checked a couple of relatively clean OS X 10.6 Macs, and while / is owned by root, its group and permissions are different from what you have: it's assigned to the admin group, and has group write and the sticky bit set, and doesn't have an extended attributes (i.e. drwxrwxr-t 29 root admin
). Disk Utility's permissions repair feature doesn't seem to reset this (I just tried), but you can fix it by hand:
sudo chgrp admin /
sudo chmod 1775 /
xattr -l /
The last command will display the extended attributes attached to the root; depending on what they are, you may want to remove them (use sudo xattr -d attrname /
).
No, leave it as it is!
root
is the administrator user of your system. There are only very very few cases where you should have to do something as this user.
In fact, you either break something if you change permissions or make your system vulnerable.
You can read more about root / superuser at Wikipedia.
Update:
Whenever you have to authenticate it is because you switch to "superuser mode". As admin user you are automatically in group admin. This group has basically the same rights as root
# /etc/sudoers
%admin ALL=(ALL) ALL
(which means that you are allowed to run every command from every host)
Hence although your don't log in as root
, after authenticate again (e.g. if you type sudo <command>
you gain nearly the same rights as root
. I am not sure how much you are familiar with UNIX like OS' but if you try to apply changes to such paths via Finder, it is basically an execution of sudo
.
Read more about sudo
.
On most Unix systems (Mac OS X included), the root directory is not generally writable by non-root users.
Use your home folder for your files or /Users/Shared
for files that multiple users need to access. You can usually use ⇧⌘H (Shift-Command-H) to jump to your home directory in Finder and in most Open/Save dialogs. Similarly, you can use ⇧⌘G (Shift-Command-G), then type /Users/Shared
to get to the shared folder (or go to your home folder, then go up to /Users
with ⌘↑ (Command-Up), type Shared
to select the folder, then ⌘↓ (Command-Down) to open it).