Correct owner/group/permissions for Apache 2 site files/folders under Mac OS X?

by

This is the most restrictive and safest way I’ve found, as explained here for hypothetical ~/my/web/root/ directory for your web content:

  • For each parent directory leading to your web root (e.g. ~/my, ~/my/web, ~/my/web/root):
    • chmod go-rwx DIR (nobody other than owner can access content)
    • chmod go+x DIR (to allow “users” including _www to “enter” the dir)
  • sudo chgrp -R _www ~/my/web/root (all web content is now group _www)
  • chmod -R go-rwx ~/my/web/root (nobody other than owner can access web content)
  • chmod -R g+rx ~/my/web/root (all web content is now readable/executable/enterable by _www)

All other solutions leave files open to other local users (who are part of the “staff” group as well as obviously being in the “o”/others group). These users may then freely browse and access DB configurations, source code, or other sensitive details in your web config files and scripts if such are part of your content. If this is not an issue for you, then by all means go with one of the simpler solutions.

More Related Contents:

  1. XAMPP permissions on Mac OS X?
  2. “restricted” folder/files in OS X El Capitan
  3. Why do my setuid root bash shell scripts not work?
  4. Set environment variables on Mac OS X Lion
  5. Who is listening on a given TCP port on Mac OS X?
  6. dyld: Library not loaded … Reason: Image not found
  7. You don’t have write permissions for the /Library/Ruby/Gems/2.3.0 directory. (mac user)
  8. In-place edits with sed on OS X
  9. How can I get the behavior of GNU’s readlink -f on a Mac? [closed]
  10. Swift – Capture keydown from NSViewController
  11. How to build a dmg Mac OS X file (on a non-Mac platform)?
  12. How do I update the password for Git?
  13. find lacks the option -printf, now what?
  14. Vagrant box could not be found or could not be accessed in the remote catalog – incompatible curl version
  15. ld: library not found for -lcrt0.o on OSX 10.6 with gcc/clang -static flag
  16. Installing R on Mac – Warning messages: Setting LC_CTYPE failed, using “C”
  17. How can I clear previous output in Terminal in Mac OS X?
  18. Successive sys_write syscalls not working as expected, NASM bug on OS X?
  19. Uninstall / remove a Homebrew package including all its dependencies
  20. cannot download, $GOPATH not set
  21. Mounts denied. The paths … are not shared from OS X and are not known to Docker
  22. Chmod 777 to a folder and all contents [duplicate]
  23. What is the best/safest way to reinstall Homebrew?
  24. dyld: Library not loaded: @rpath/libswiftAVFoundation.dylib
  25. How to ignore Icon? in git
  26. Tell iPadOS from macOS on the web
  27. Equivalent of strace -feopen < command > on mac os X
  28. x64 nasm: pushing memory addresses onto the stack & call function
  29. Could not find conda environment
  30. Where to find Application Loader app in Mac?

Leave a Comment