[m a d r a]

i've always customised httpd.conf under jaguar [so that my webserver docs were served from my 'sites' folder rather than /library/webserver/documents/ however, after installing panther and mv-ing httpd.conf.applesaved [ie. the previous httpd.conf file] to httpd.conf ie. overwriting panther's default settings i get an...

Code:
Forbidden
You don't have permission to access / on this server.

... error when trying to access my webserver. i rem this happened last time i did a point upgrade from 10,1 to jag but cannae for the life of me rem what the solution was. anyone able to jog my memory?

if it's any help, apache's error log says...

Code:
Permission denied: access to / failed because search permissions are missing on a component of the path

[m a d r a]

random thought:

i've encrypted my home directory using filevault. would this choke apache? if it's trying to serve my web pages from my sites folder, which is in my home directory and therefore encrypted. mind you i thought filevault encryption was meant to be 'seamless' within the OS itself.

hmmm...???

[redJag]

that shouldn't be the problem. check permissions on your 'Sites' folder, make sure it is world readable.

[m a d r a]

i'd already checked permissions.

anyway, i just googled for filevault + apache to see if there were any recognised incompatibilities. didnae come across anything directly related but, after reading a load of real 'horror stories' about filevault on various sites, i turned it off and... surprise surprise! apache is now happily serving pages from my 'sites' folder as the webserver document root.

it's starting to look like filevault is an even bigger POS than it initially seemed!

[godzookie2k]

maybe just encrypt the subfolders in your home folder. or do the serving out of your library/webserver folder.


hi madra, long time no see.

[m a d r a]

[double post]

[m a d r a]

Originally posted by godzookie2k:
maybe just encrypt the subfolders in your home folder. or do the serving out of your library/webserver folder.


hi madra, long time no see.

hi dude.

filevault disnae allow you to selectively customise subfolders, otherwise i'd just encrypt my docs folder.

the reason i serve out of my sites folder is so i can preview stuff i'm working on with a simple "http://localhost/<whatever>" or "http://127.0.0.1/<whatever>", without having to do all that "~/username" stuff

[theolein]

The document root from where Apache serves is a line in httpd.conf

which looks like this

Code:
#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "/Library/WebServer/Documents"

If you change that to your user folder i.e. "/Users/madraTheMad/Sites" then that is where "http://localhost" will be served from. The fact that it doesn't work with filevault is because Apache has no concept of filevault. It only understands the standard Unix permissions system. Apple specific stuff, such as hfs+ volumes or filevault need to be added to Apache as module extensions. Some sucker has to write a module though.

[m a d r a]

Originally posted by theolein:
....The document root from where Apache serves is a line in httpd.conf........

.......If you change that to your user folder i.e. "/Users/madraTheMad/Sites" then that is where "http://localhost" will be served from........

yeah. i know. that's what i always do. the prob was it suddenly stopped working and gave me a permission error. i thought at first it was sommit to do with updating panther to 10,3,1 but [as outlined above] it turned out to be a filevault f**k up.

[Simon Mundy]

Originally posted by m a d r a:
yeah. i know. that's what i always do. the prob was it suddenly stopped working and gave me a permission error. i thought at first it was sommit to do with updating panther to 10,3,1 but [as outlined above] it turned out to be a filevault f**k up.

It's likely that the problem then is to do with the line

Include /private/etc/httpd/users/*.conf

because Apache then goes and checks your users folder for per-user directories, tries to access the file-vaulted user home directory and then chokes.

Try commenting this out, turn file-vault back on and see if the problem persists.

[redJag]

are you using the apache included with panther? it seems like apple would have accounted for this, in the version released wit the os, at least! glad you fixed the problem, kinda crappy that it was cause by FileVault though.

[theolein]

Originally posted by m a d r a:
yeah. i know. that's what i always do. the prob was it suddenly stopped working and gave me a permission error. i thought at first it was sommit to do with updating panther to 10,3,1 but [as outlined above] it turned out to be a filevault f**k up.

I wouldn't really think of it as a **** up, but rather as a Good Thing™. I would personally be quite disturbed if Apache suddenly started serving files out of an encrypted volume without any authentication. The fact that other progs that run in the GUI don't have problems with this is because they all run with the same level of permissions as you do. Apache has it's own set of permissions that make very good sense from a security point of view. It starts up as root and then switches over to another user with much lower permission so that if it does get hacked it won't bugger the whole system.

Ever think of filing a bug at the OSX feedback page about this?

[Simon Mundy]

Originally posted by theolein:
I wouldn't really think of it as a **** up, but rather as a Good Thing™. I would personally be quite disturbed if Apache suddenly started serving files out of an encrypted volume without any authentication. The fact that other progs that run in the GUI don't have problems with this is because they all run with the same level of permissions as you do. Apache has it's own set of permissions that make very good sense from a security point of view. It starts up as root and then switches over to another user with much lower permission so that if it does get hacked it won't bugger the whole system.

Ever think of filing a bug at the OSX feedback page about this?

Yep, a valid point. The only beef I have with that is that Apache doesn't gracefully handle that kind of scenario and simply fails completely. Not an OS X-specific problem, but an Apache problem. I think I'll post this on their feedback boards...

[theolein]

Originally posted by Simon Mundy:
Yep, a valid point. The only beef I have with that is that Apache doesn't gracefully handle that kind of scenario and simply fails completely. Not an OS X-specific problem, but an Apache problem. I think I'll post this on their feedback boards...

There is one thing you could try and that is to start the Keychain Access application and add a new Keychain for the "www" user with rights to your user. I have no idea if it could work, but it's worth a try.

[m a d r a]

thanks for the comments folks. i think i'll just stick with leaving filevault turned off. as i said above there are so many horror stories on the web about it destroying people's data that i think i'll wait til apple get it working properly before i dabble again.

[timmerk]

well, anyone figure how to have apache set up this way w/ filevault turned on?

[Amorya]

Guys, it's not a filevault problem. The same thing happened here.

When I go to http://localhost/~amorya/ I get the same message:

Forbidden
You don't have permission to access /~amorya/ on this server

The only change I had made to my Apache config was enabling PHP.

The thing still serves pages fine, it just doesn't allow directory browsing.


Amorya