Apache2 VirtualHost giving "403 Forbidden"

Discussion in 'OS X El Capitan (10.11)' started by mac65, Dec 1, 2015.

  1. mac65 macrumors member

    mac65

    Joined:
    Mar 31, 2009
    Location:
    Munich, Germany
    #1
    I have a strange effect on 10.11.1 that doesn't occur on my other Mac running 10.10.5:

    When I add a virtual host, no matter via a different port or with a different host name, I get the error msg:

    Here's how the host is declared:

    Code:
    <VirtualHost *:80>
        DocumentRoot "/Development/mysite/public"
        ServerName mysite.local
        <Directory "/Development/mysite/public">
            Options All
            AllowOverride All
            Require all granted
        </Directory>
    </VirtualHost>
    Of course, the path exists and is readable (i.e. folder permissions are 755 and files inside are 644).
    There are no special ACLs set (checked with "ls -lae").

    However, if I change the path from "/Development/mysite/public" to "/Library/WebServer/Documents", then it works, i.e. no more permission errors.
    Same if I move my entire folder to "/Library/WebServer/mysite" and change the paths in the config accordingly, even if I leave the ownership of the folder to my normal user and the admin group (501:80).
    And, as already said, the very same setup (same httpd.conf, same folder structure) works without this issue on 10.10.5.

    So, somehow, the web server doesn't seem to get access to any files outside the /Library/WebServer folder. I wonder if that's also part of the new rootless changes, but I cannot find anything on the web on this particular issue.

    Does anyone have an idea what's going on here and how to make this work?
     
  2. treekram macrumors 6502a

    Joined:
    Nov 9, 2015
    Location:
    Honolulu HI
    #2
    I don't think you have a SIP issue. /Development doesn't sound like a directory SIP would care about. I didn't have this directory on my machine. I have SIP enabled . As root, I created the directory structure "/Development/mysite/public". Nothing seemed amiss. I would check to make sure the permissions are the same as your 10.10.5 machine for each of the component directories leading up to /Development/mysite/public. If you don't have execute permission on, say, mysite, you won't be able to read any files in /Development/mysite/public even though you have 755 permission on public and 644 on the files. Other than that, probably check Apache support sites.
     
  3. mac65 thread starter macrumors member

    mac65

    Joined:
    Mar 31, 2009
    Location:
    Munich, Germany
    #3
    I solved the issue by editing httpd.conf, changing the "User" and "Group" from "_www" to my user name and "admin" (and then issuing 'sudo apachectl graceful').
     
  4. leman macrumors 604

    Joined:
    Oct 14, 2008
    #4
    You should also check if all the components of the path have proper permissions set.
     
  5. mac65 thread starter macrumors member

    mac65

    Joined:
    Mar 31, 2009
    Location:
    Munich, Germany
    #5
    Yeah. That is about as useful as saying "make sure you are not making any mistakes".
    Also, I already mentioned permissions in my posting.
     
  6. leman macrumors 604

    Joined:
    Oct 14, 2008
    #6
    True, but it was not clear whether you only checked permissions on the target path or also on every component of that path. Anyway, sorry if my idea was not helpful.
     
  7. mac65 thread starter macrumors member

    mac65

    Joined:
    Mar 31, 2009
    Location:
    Munich, Germany
    #7
    If a parent folder's permission would not be right, I would not even be able to look into its subfolders, that's why I thought your advice was moot. I may be wrong, though. Clearly, something is screwed up with the permissions, after all.
     

Share This Page