apache doc folder permissions problem
murrayeisenberg at gmail.com
Fri Jun 18 18:33:43 UTC 2021
> On 18 Jun2021, at 2:13 PM, Bill Cole <macportsusers-20171215 at billmail.scconsult.com> wrote:
> On 2021-06-18 at 10:17:13 UTC-0400 (Fri, 18 Jun 2021 10:17:13 -0400)
> Murray Eisenberg <murrayeisenberg at gmail.com>
> is rumored to have said:
>> sudo chmod a+x /Users /Users/me /Users/me/Sites
>> fixed the permissions access problem.
> The requirement is that the user running httpd must have search access on the whole tree above anywhere httpd is serving files from. The precise meaning of the 'search' permission (i.e. the 'execute' bit on a directory) is not intuitive or even well documented. It is simply the ability to access nodes within the directory based on those nodes' permissions, provided the caller knows the name of the item being accessed. Without search permission it simply does not matter what the permissions on items below the directory might be, they cannot be accessed. If you are concerned with other users (i.e. processes running as other users, such as 'daemon' which runs httpd under MacPorts) you can 'chmod a-r' on those directories to block reading of the directories themselves (i.e. the list of names of sub-nodes.)
> You can provide the search permission via the basic rwx by user/group/all mechanism or by extended ACLs, but you cannot create a deep space of access without a path from above….
With macOS 11.4 at least, the command
chmod a-r /Users
sudo chmod a-r /Users
gives error "chmod: Unable to change file mode on /Users: Operation not permitted”.
(By contrast, making the change for /Users/me and /Users/me/Sites is OK.)
Murray Eisenberg murrayeisenberg at gmail.com
503 King Farm Blvd #101
Rockville, MD 20850-6667 Mobile (413)-427-5334
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the macports-users