apache doc folder permissions problem

Murray Eisenberg murrayeisenberg at gmail.com
Fri Jun 18 14:17:13 UTC 2021



> On 18 Jun2021, at 8:00 AM, Bill Cole <billcole at apache.org>wrote:
> 
> 
> I?m at a loss what to do in response to the reply, below, from Bill Cole.
> 
> I note that to the best of my knowledge, nothing changed as to the attributes or permissions of any of the user doc folders listed in my httpd-vhosts.conf file except as may have been done without my knowledge in an update to macOS 11.3 or 11.4, or in case of some change in the MacPorts files supporting apache ? but I believe I?m still using the very same configuration files, including httpd.conf, httpd-vhosts.conf, and httpd-userdir.conf (and /private/etc/hosts) as I have in the past!
> 
> 1. What should I do with respect to extended attributes? I get:
> 
> 	[~] % ls -le Sites
> 	total 32 [some results omitted from list]
> 	drwxr-xr-x@ 23 me  staff   736 Jul 31  2020 Math421Blog
> 	drwxr-xr-x@ 92 me  staff  2944 Apr 10  2015 MyHomePage
> 	drwxr-xr-x  32 me  staff  1024 Jun 12 15:32 RapidWeaver
> 	drwxr-xr-x@ 20 me  staff   640 Jun 17 10:23 html
> 	drwxr-xr-x  10 me  staff   320 Aug 27  2017 newsite
> 
> And:
> 
> 	[~] % ls -le Sites/MyHomePage
> 	total 541576 [I show only a couple of the files & folders]
> 	drwxr-xr-x@  73 me  staff       2336 Jan 31  2015 Math_127
> 	drwxr-xr-x@ 146 me  staff       4672 Jan 31  2015 Math_131
> 	-rw-r--r--@   1 me  staff       8331 Apr 10  2015 index.html
> 	-rw-r--r--@   1 me  staff      39890 Jun  2  2010 me.jpg
> 	-rw-r--r--@   1 me  staff        695 Feb 24  2011 site.css
> 	-rw-r--r--@   1 me  staff       1385 Feb 24  2011 style.css
> 
> 2. In the vhost-specific error log /opt/local/var/log/apache2/me-MyHomePageerror_log I?m finding entries like this:
> [Thu Jun 17 15:17:10.509589 2021] [core:error] [pid 13543] (13)Permission denied: [client 127.0.0.1:53851] AH00035: access to / denied (filesystem path '/Users/me/Sites') because search permissions are missing on a component of the path
> [Thu Jun 17 15:17:10.551868 2021] [core:error] [pid 13543] (13)Permission denied: [client 127.0.0.1:53851] AH00035: access to /favicon.ico denied (filesystem path '/Users/me/Sites') because search permissions are missing on a component of the path, referer: http://myhomepage.local/
> [Thu Jun 17 15:19:00.531386 2021] [core:error] [pid 13498] (13)Permission denied: [client 127.0.0.1:53909] AH00035: access to / denied (filesystem path '/Users/me/Sites') because search permissions are missing on a component of the path
> 3. File httpd.conf includes the lines:
> 	DocumentRoot "/opt/local/www/apache2/html"
> 	<Directory "/opt/local/www/apache2/html">
> 	    Options Indexes FollowSymLinks
> 	    AllowOverride None
> 	    Require all granted
> 	</Directory>
> I don?t think that?s changed.
> 4. The errors are occurring with Opera as well as with Safari. I don?t know if there?s any browser setting that?s upgrading http to https; I am explicitly using the ?http:? prefix in ?http://MyHomePage.local <http://myhomepage.local/>"
> On June 13 at 16:21 UTC 2021, Bill Cole <billcole at apache.org> wrote:
> 
> On 2021-06-13 at 11:47:53 UTC-0400 (Sun, 13 Jun 2021 11:47:53 -0400)
> Murray Eisenberg <murrayeisenberg at gmail.com <https://lists.macports.org/mailman/listinfo/macports-users>>
> is rumored to have said:
> 
>> ls -ld Sites
>> drwxr-xr-x@ 18 me  staff  576 Feb 27 10:37 Sites
> 
> 4 thoughts:
> 
> 1. The '@' indicating the existence of extended attributes could be 
> overriding the '+' that is shown on files with extended ACLs, so any 
> level in the directory tree COULD have an ACL blocking the webserver 
> from reading the files or scanning the directories. Check with 'ls -le' 
> to be sure. This would be a simple but unlikely cause of the problem.
> 
> 2. Check the error logs for details of the failure. There is a 
> vhost-specific error log defined, but there should also be a server-wide 
> error log which may contain illuminating entries.
> 
> 3. Check the main httpd.conf for Directory or Location directives that 
> may be interfering with the Directory directives in the VirtualHost 
> definition.
> 
> 4. Make sure you don't have anything automatically 'upgrading' you to 
> HTTPS. This can be in the server config or in a browser setting.
> 
>>> On 12 Jun2021, at 8:37 PM, Jeff Greenberg 
>>> <listmail.ayendesigns at gmail.com <https://lists.macports.org/mailman/listinfo/macports-users>> wrote:
>>> 
>>> How about the permissions on the Sites folder?
>>> 
>>> On Jun 12, 2021, at 20:24, Murray Eisenberg 
>>> <murrayeisenberg at gmail.com <https://lists.macports.org/mailman/listinfo/macports-users>> wrote:
>>> 
>>> ?For the Macports apache2 installation, I?m using a non-default 
>>> location for my web sites. The httpd.conf includes a 
>>> httpd-vhosts.conf file, and the latter includes entries such as:
>>> 
>>> <VirtualHost *:80>
>>>    DocumentRoot "/Users/me/Sites/MyHomePage"
>>>    ServerName MyHomePage.local
>>>    ServerAlias www.MyHomePage.local <http://www.myhomepage.local/ <http://www.myhomepage.local/>>
>>>    ErrorLog  "var/log/apache2/me-MyHomePageerror_log"
>>>    CustomLog "var/log/apache2/me-MyHomePage-access_log" common
>>>    <Directory /Users/me/Sites/MyHomePage>
>>>       Options Indexes FollowSymLinks
>>>       Require all granted
>>>   </Directory>
>>> </VirtualHost>
>>> 
>>> And in my /private/etc/hosts I include the lines:
>>> 
>>> 127.0.0.1	localhost
>>> 255.255.255.255	broadcasthost
>>> ::1             localhost
>>> fe80::1%lo0	localhost
>>> 127.0.0.1	me-html.local
>>> 127.0.0.1	MyHomePage.local
>>> 
>>> When I start apache and try to open the site MyHomePage.local, i get 
>>> error:
>>> 
>>> 	Forbidden You don't have permission to access this resource.
>>> 
>>> The permissions on /Users/me/Sites/MyHomePage are:
>>> 
>>> 	drwxr-xr-x@ 92 me  staff 2944 Apr 10 2015 MyHomePage
>>> 
>>> and the permissions for /Users/me/Sites/MyHomePage/index.html are:
>>> 
>>> 	-rw-r--r--@ 1 me  staff 8331 Apr 10 2015 index.html
>>> 
>>> What?s wrong?
> 
> 
> 
> On 2021-06-17 at 15:32:38 UTC-0400 (Thu, 17 Jun 2021 15:32:38 -0400)
> Murray Eisenberg <murrayeisenberg at gmail.com>
> is rumored to have said:
> 
>> I?m at a loss what to do in response to the reply, below, from Bill 
>> Cole….
>> 
>> 1. What should I do with respect to extended attributes? I get:
>> 
>> 	[~] % ls -le Sites
>> 	total 32 [some results omitted from list]
>> 	drwxr-xr-x@ 23 me  staff   736 Jul 31  2020 Math421Blog
>> 	drwxr-xr-x@ 92 me  staff  2944 Apr 10  2015 MyHomePage
>> 	drwxr-xr-x  32 me  staff  1024 Jun 12 15:32 RapidWeaver
>> 	drwxr-xr-x@ 20 me  staff   640 Jun 17 10:23 html
>> 	drwxr-xr-x  10 me  staff   320 Aug 27  2017 newsite
>> 
>> And:
>> 
>> 	[~] % ls -le Sites/MyHomePage
>> 	total 541576 [I show only a couple of the files & folders]
>> 	drwxr-xr-x@  73 me  staff       2336 Jan 31  2015 Math_127
>> 	drwxr-xr-x@ 146 me  staff       4672 Jan 31  2015 Math_131
>> 	-rw-r--r--@   1 me  staff       8331 Apr 10  2015 index.html
>> 	-rw-r--r--@   1 me  staff      39890 Jun  2  2010 me.jpg
>> 	-rw-r--r--@   1 me  staff        695 Feb 24  2011 site.css
>> 	-rw-r--r--@   1 me  staff       1385 Feb 24  2011 style.css
> 
> That's fine as is. If extended ACLs were your issue, the 'e' option to 
> ls would have displayed them.
> 
> 
>> 2. In the vhost-specific error log 
>> /opt/local/var/log/apache2/me-MyHomePageerror_log I?m finding 
>> entries like this:
>> [Thu Jun 17 15:17:10.509589 2021] [core:error] [pid 13543] 
>> (13)Permission denied: [client 127.0.0.1:53851] AH00035: access to / 
>> denied (filesystem path '/Users/me/Sites') because search permissions 
>> are missing on a component of the path
>> [Thu Jun 17 15:17:10.551868 2021] [core:error] [pid 13543] 
>> (13)Permission denied: [client 127.0.0.1:53851] AH00035: access to 
>> /favicon.ico denied (filesystem path '/Users/me/Sites') because search 
>> permissions are missing on a component of the path, referer: 
>> http://myhomepage.local/
>> [Thu Jun 17 15:19:00.531386 2021] [core:error] [pid 13498] 
>> (13)Permission denied: [client 127.0.0.1:53909] AH00035: access to / 
>> denied (filesystem path '/Users/me/Sites') because search permissions 
>> are missing on a component of the path
> 
> There's the critical clue!
> 
> Your home directory is probably not world-searchable. To eliminate the 
> reported error definitively:
> 
> sudo chmod a+x /Users /Users/me /Users/me/Sites
> 
> ...
> 
>> On June 13 at 16:21 UTC 2021, Bill Cole <billcole at apache.org> wrote:
>> 
>> On 2021-06-13 at 11:47:53 UTC-0400 (Sun, 13 Jun 2021 11:47:53 -0400)
>> Murray Eisenberg <murrayeisenberg at gmail.com 
>> <https://lists.macports.org/mailman/listinfo/macports-users>>
>> is rumored to have said:
>> 
>>> ls -ld Sites
>>> drwxr-xr-x@ 18 me  staff  576 Feb 27 10:37 Sites
>> 
>> 4 thoughts:
>> 
>> 1. The '@' indicating the existence of extended attributes could be
>> overriding the '+' that is shown on files with extended ACLs, so any
>> level in the directory tree COULD have an ACL blocking the webserver
>> from reading the files or scanning the directories. Check with 'ls 
>> -le'
>> to be sure. This would be a simple but unlikely cause of the problem.
>> 
>> 2. Check the error logs for details of the failure. There is a
>> vhost-specific error log defined, but there should also be a 
>> server-wide
>> error log which may contain illuminating entries.
>> 
>> 3. Check the main httpd.conf for Directory or Location directives that
>> may be interfering with the Directory directives in the VirtualHost
>> definition.
>> 
>> 4. Make sure you don't have anything automatically 'upgrading' you to
>> HTTPS. This can be in the server config or in a browser setting.
>> 
>>>> On 12 Jun2021, at 8:37 PM, Jeff Greenberg
>>>> <listmail.ayendesigns at gmail.com 
>>>> <https://lists.macports.org/mailman/listinfo/macports-users>> wrote:
>>>> 
>>>> How about the permissions on the Sites folder?
>>>> 
>>>> On Jun 12, 2021, at 20:24, Murray Eisenberg
>>>> <murrayeisenberg at gmail.com 
>>>> <https://lists.macports.org/mailman/listinfo/macports-users>> wrote:
>>>> 
>>>> ?For the Macports apache2 installation, I?m using a non-default
>>>> location for my web sites. The httpd.conf includes a
>>>> httpd-vhosts.conf file, and the latter includes entries such as:
>>>> 
>>>> <VirtualHost *:80>
>>>>    DocumentRoot "/Users/me/Sites/MyHomePage"
>>>>    ServerName MyHomePage.local
>>>>    ServerAlias www.MyHomePage.local <http://www.myhomepage.local/ 
>>>> <http://www.myhomepage.local/>>
>>>>    ErrorLog  "var/log/apache2/me-MyHomePageerror_log"
>>>>    CustomLog "var/log/apache2/me-MyHomePage-access_log" common
>>>>    <Directory /Users/me/Sites/MyHomePage>
>>>>       Options Indexes FollowSymLinks
>>>>       Require all granted
>>>>   </Directory>
>>>> </VirtualHost>
>>>> 
>>>> And in my /private/etc/hosts I include the lines:
>>>> 
>>>> 127.0.0.1	localhost
>>>> 255.255.255.255	broadcasthost
>>>> ::1             localhost
>>>> fe80::1%lo0	localhost
>>>> 127.0.0.1	me-html.local
>>>> 127.0.0.1	MyHomePage.local
>>>> 
>>>> When I start apache and try to open the site MyHomePage.local, i get
>>>> error:
>>>> 
>>>> 	Forbidden You don't have permission to access this resource.
>>>> 
>>>> The permissions on /Users/me/Sites/MyHomePage are:
>>>> 
>>>> 	drwxr-xr-x@ 92 me  staff 2944 Apr 10 2015 MyHomePage
>>>> 
>>>> and the permissions for /Users/me/Sites/MyHomePage/index.html are:
>>>> 
>>>> 	-rw-r--r--@ 1 me  staff 8331 Apr 10 2015 index.html
>>>> 
>>>> What?s wrong?


Indeed, 

	sudo chmod a+x /Users /Users/me /Users/me/Sites

fixed the permissions access problem.

Is there some alternative way to fix this — by changing the owner of just /Users/me/Sites and its tree of descendents and/or by changing settings in the entries of 
 /opt/local/etc/apache2/extra/httpd-vhosts.conf ?

And if there is no such alternative, then why would permissions on /Users, /Users/me, and /Users/me/Sites have changed away from a+x, seemingly without my own intervention, during some macOS upgrade?

---
Murray Eisenberg			murrayeisenberg at gmail.com
503 King Farm Blvd #101	
Rockville, MD 20850-6667	Mobile (413)-427-5334


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macports.org/pipermail/macports-users/attachments/20210618/4333b48a/attachment.htm>


More information about the macports-users mailing list