apache doc folder permissions problem

Bill Cole macportsusers-20171215 at billmail.scconsult.com
Thu Jun 17 20:48:53 UTC 2021 

On 2021-06-17 at 15:32:38 UTC-0400 (Thu, 17 Jun 2021 15:32:38 -0400)
Murray Eisenberg <murrayeisenberg at gmail.com>
is rumored to have said:

> I’m at a loss what to do in response to the reply, below, from Bill 
> Cole.
>
> I note that to the best of my knowledge, nothing changed as to the 
> attributes or permissions of any of the user doc folders listed in my 
> httpd-vhosts.conf file except as may have been done without my 
> knowledge in an update to macOS 11.3 or 11.4, or in case of some 
> change in the MacPorts files supporting apache — but I believe I’m 
> still using the very same configuration files, including httpd.conf, 
> httpd-vhosts.conf, and httpd-userdir.conf (and /private/etc/hosts) as 
> I have in the past!
>
> 1. What should I do with respect to extended attributes? I get:
>
> 	[~] % ls -le Sites
> 	total 32 [some results omitted from list]
> 	drwxr-xr-x@ 23 me  staff   736 Jul 31  2020 Math421Blog
> 	drwxr-xr-x@ 92 me  staff  2944 Apr 10  2015 MyHomePage
> 	drwxr-xr-x  32 me  staff  1024 Jun 12 15:32 RapidWeaver
> 	drwxr-xr-x@ 20 me  staff   640 Jun 17 10:23 html
> 	drwxr-xr-x  10 me  staff   320 Aug 27  2017 newsite
>
> And:
>
> 	[~] % ls -le Sites/MyHomePage
> 	total 541576 [I show only a couple of the files & folders]
> 	drwxr-xr-x@  73 me  staff       2336 Jan 31  2015 Math_127
> 	drwxr-xr-x@ 146 me  staff       4672 Jan 31  2015 Math_131
> 	-rw-r--r--@   1 me  staff       8331 Apr 10  2015 index.html
> 	-rw-r--r--@   1 me  staff      39890 Jun  2  2010 me.jpg
> 	-rw-r--r--@   1 me  staff        695 Feb 24  2011 site.css
> 	-rw-r--r--@   1 me  staff       1385 Feb 24  2011 style.css

That's fine as is. If extended ACLs were your issue, the 'e' option to 
ls would have displayed them.


> 2. In the vhost-specific error log 
> /opt/local/var/log/apache2/me-MyHomePageerror_log I’m finding 
> entries like this:
> [Thu Jun 17 15:17:10.509589 2021] [core:error] [pid 13543] 
> (13)Permission denied: [client 127.0.0.1:53851] AH00035: access to / 
> denied (filesystem path '/Users/me/Sites') because search permissions 
> are missing on a component of the path
> [Thu Jun 17 15:17:10.551868 2021] [core:error] [pid 13543] 
> (13)Permission denied: [client 127.0.0.1:53851] AH00035: access to 
> /favicon.ico denied (filesystem path '/Users/me/Sites') because search 
> permissions are missing on a component of the path, referer: 
> http://myhomepage.local/
> [Thu Jun 17 15:19:00.531386 2021] [core:error] [pid 13498] 
> (13)Permission denied: [client 127.0.0.1:53909] AH00035: access to / 
> denied (filesystem path '/Users/me/Sites') because search permissions 
> are missing on a component of the path

There's the critical clue!

Your home directory is probably not world-searchable. To eliminate the 
reported error definitively:

sudo chmod a+x /Users /Users/me /Users/me/Sites


> 3. File httpd.conf includes the lines:
> 	DocumentRoot "/opt/local/www/apache2/html"
> 	<Directory "/opt/local/www/apache2/html">
> 	    Options Indexes FollowSymLinks
> 	    AllowOverride None
> 	    Require all granted
> 	</Directory>
> I don’t think that’s changed.

Looks good.


> 4. The errors are occurring with Opera as well as with Safari. I 
> don’t know if there’s any browser setting that’s upgrading http 
> to https; I am explicitly using the “http:” prefix in 
>http://MyHomePage.local <http://myhomepage.local/>"

So that is probably not an issue



> On June 13 at 16:21 UTC 2021, Bill Cole <billcole at apache.org> wrote:
>
> On 2021-06-13 at 11:47:53 UTC-0400 (Sun, 13 Jun 2021 11:47:53 -0400)
> Murray Eisenberg <murrayeisenberg at gmail.com 
> <https://lists.macports.org/mailman/listinfo/macports-users>>
> is rumored to have said:
>
>> ls -ld Sites
>> drwxr-xr-x@ 18 me  staff  576 Feb 27 10:37 Sites
>
> 4 thoughts:
>
> 1. The '@' indicating the existence of extended attributes could be
> overriding the '+' that is shown on files with extended ACLs, so any
> level in the directory tree COULD have an ACL blocking the webserver
> from reading the files or scanning the directories. Check with 'ls 
> -le'
> to be sure. This would be a simple but unlikely cause of the problem.
>
> 2. Check the error logs for details of the failure. There is a
> vhost-specific error log defined, but there should also be a 
> server-wide
> error log which may contain illuminating entries.
>
> 3. Check the main httpd.conf for Directory or Location directives that
> may be interfering with the Directory directives in the VirtualHost
> definition.
>
> 4. Make sure you don't have anything automatically 'upgrading' you to
> HTTPS. This can be in the server config or in a browser setting.
>
>>> On 12 Jun2021, at 8:37 PM, Jeff Greenberg
>>> <listmail.ayendesigns at gmail.com 
>>> <https://lists.macports.org/mailman/listinfo/macports-users>> wrote:
>>>
>>> How about the permissions on the Sites folder?
>>>
>>> On Jun 12, 2021, at 20:24, Murray Eisenberg
>>> <murrayeisenberg at gmail.com 
>>> <https://lists.macports.org/mailman/listinfo/macports-users>> wrote:
>>>
>>> For the Macports apache2 installation, I’m using a non-default
>>> location for my web sites. The httpd.conf includes a
>>> httpd-vhosts.conf file, and the latter includes entries such as:
>>>
>>> <VirtualHost *:80>
>>>     DocumentRoot "/Users/me/Sites/MyHomePage"
>>>     ServerName MyHomePage.local
>>>     ServerAlias www.MyHomePage.local <http://www.myhomepage.local/ 
>>> <http://www.myhomepage.local/>>
>>>     ErrorLog  "var/log/apache2/me-MyHomePageerror_log"
>>>     CustomLog "var/log/apache2/me-MyHomePage-access_log" common
>>>     <Directory /Users/me/Sites/MyHomePage>
>>>        Options Indexes FollowSymLinks
>>>        Require all granted
>>>    </Directory>
>>> </VirtualHost>
>>>
>>> And in my /private/etc/hosts I include the lines:
>>>
>>> 127.0.0.1	localhost
>>> 255.255.255.255	broadcasthost
>>> ::1             localhost
>>> fe80::1%lo0	localhost
>>> 127.0.0.1	me-html.local
>>> 127.0.0.1	MyHomePage.local
>>>
>>> When I start apache and try to open the site MyHomePage.local, i get
>>> error:
>>>
>>> 	Forbidden You don't have permission to access this resource.
>>>
>>> The permissions on /Users/me/Sites/MyHomePage are:
>>>
>>> 	drwxr-xr-x@ 92 me  staff 2944 Apr 10 2015 MyHomePage
>>>
>>> and the permissions for /Users/me/Sites/MyHomePage/index.html are:
>>>
>>> 	-rw-r--r--@ 1 me  staff 8331 Apr 10 2015 index.html
>>>
>>> What’s wrong?
>
> ---
> Murray Eisenberg			murrayeisenberg at gmail.com
> 503 King Farm Blvd #101	
> Rockville, MD 20850-6667	Mobile (413)-427-5334


-- 
Bill Cole
bill at scconsult.com or billcole at apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire

More information about the macports-users mailing list