Re: apache doc folder permissions problem

2021-06-17 Thread Bill Cole 

On 2021-06-17 at 15:32:38 UTC-0400 (Thu, 17 Jun 2021 15:32:38 -0400)
Murray Eisenberg 
is rumored to have said:

I’m at a loss what to do in response to the reply, below, from Bill 
Cole.


I note that to the best of my knowledge, nothing changed as to the 
attributes or permissions of any of the user doc folders listed in my 
httpd-vhosts.conf file except as may have been done without my 
knowledge in an update to macOS 11.3 or 11.4, or in case of some 
change in the MacPorts files supporting apache — but I believe I’m 
still using the very same configuration files, including httpd.conf, 
httpd-vhosts.conf, and httpd-userdir.conf (and /private/etc/hosts) as 
I have in the past!


1. What should I do with respect to extended attributes? I get:

[~] % ls -le Sites
total 32 [some results omitted from list]
drwxr-xr-x@ 23 me  staff   736 Jul 31  2020 Math421Blog
drwxr-xr-x@ 92 me  staff  2944 Apr 10  2015 MyHomePage
drwxr-xr-x  32 me  staff  1024 Jun 12 15:32 RapidWeaver
drwxr-xr-x@ 20 me  staff   640 Jun 17 10:23 html
drwxr-xr-x  10 me  staff   320 Aug 27  2017 newsite

And:

[~] % ls -le Sites/MyHomePage
total 541576 [I show only a couple of the files & folders]
drwxr-xr-x@  73 me  staff   2336 Jan 31  2015 Math_127
drwxr-xr-x@ 146 me  staff   4672 Jan 31  2015 Math_131
-rw-r--r--@   1 me  staff   8331 Apr 10  2015 index.html
-rw-r--r--@   1 me  staff  39890 Jun  2  2010 me.jpg
-rw-r--r--@   1 me  staff695 Feb 24  2011 site.css
-rw-r--r--@   1 me  staff   1385 Feb 24  2011 style.css


That's fine as is. If extended ACLs were your issue, the 'e' option to 
ls would have displayed them.



2. In the vhost-specific error log 
/opt/local/var/log/apache2/me-MyHomePageerror_log I’m finding 
entries like this:
[Thu Jun 17 15:17:10.509589 2021] [core:error] [pid 13543] 
(13)Permission denied: [client 127.0.0.1:53851] AH00035: access to / 
denied (filesystem path '/Users/me/Sites') because search permissions 
are missing on a component of the path
[Thu Jun 17 15:17:10.551868 2021] [core:error] [pid 13543] 
(13)Permission denied: [client 127.0.0.1:53851] AH00035: access to 
/favicon.ico denied (filesystem path '/Users/me/Sites') because search 
permissions are missing on a component of the path, referer: 
http://myhomepage.local/
[Thu Jun 17 15:19:00.531386 2021] [core:error] [pid 13498] 
(13)Permission denied: [client 127.0.0.1:53909] AH00035: access to / 
denied (filesystem path '/Users/me/Sites') because search permissions 
are missing on a component of the path


There's the critical clue!

Your home directory is probably not world-searchable. To eliminate the 
reported error definitively:


sudo chmod a+x /Users /Users/me /Users/me/Sites



3. File httpd.conf includes the lines:
DocumentRoot "/opt/local/www/apache2/html"

Options Indexes FollowSymLinks
AllowOverride None
Require all granted

I don’t think that’s changed.


Looks good.


4. The errors are occurring with Opera as well as with Safari. I 
don’t know if there’s any browser setting that’s upgrading http 
to https; I am explicitly using the “http:” prefix in 
“http://MyHomePage.local "


So that is probably not an issue




On June 13 at 16:21 UTC 2021, Bill Cole  wrote:

On 2021-06-13 at 11:47:53 UTC-0400 (Sun, 13 Jun 2021 11:47:53 -0400)
Murray Eisenberg >

is rumored to have said:


ls -ld Sites
drwxr-xr-x@ 18 me  staff  576 Feb 27 10:37 Sites


4 thoughts:

1. The '@' indicating the existence of extended attributes could be
overriding the '+' that is shown on files with extended ACLs, so any
level in the directory tree COULD have an ACL blocking the webserver
from reading the files or scanning the directories. Check with 'ls 
-le'

to be sure. This would be a simple but unlikely cause of the problem.

2. Check the error logs for details of the failure. There is a
vhost-specific error log defined, but there should also be a 
server-wide

error log which may contain illuminating entries.

3. Check the main httpd.conf for Directory or Location directives that
may be interfering with the Directory directives in the VirtualHost
definition.

4. Make sure you don't have anything automatically 'upgrading' you to
HTTPS. This can be in the server config or in a browser setting.


On 12 Jun2021, at 8:37 PM, Jeff Greenberg
> wrote:


How about the permissions on the Sites folder?

On Jun 12, 2021, at 20:24, Murray Eisenberg
> wrote:


For the Macports apache2 installation, I’m using a non-default
location for my web sites. The httpd.conf includes a
httpd-vhosts.conf file, and the latter includes entries such as:


DocumentRoot

Re: apache doc folder permissions problem

2021-06-17 Thread Murray Eisenberg 
I’m at a loss what to do in response to the reply, below, from Bill Cole.

I note that to the best of my knowledge, nothing changed as to the attributes 
or permissions of any of the user doc folders listed in my httpd-vhosts.conf 
file except as may have been done without my knowledge in an update to macOS 
11.3 or 11.4, or in case of some change in the MacPorts files supporting apache 
— but I believe I’m still using the very same configuration files, including 
httpd.conf, httpd-vhosts.conf, and httpd-userdir.conf (and /private/etc/hosts) 
as I have in the past!

1. What should I do with respect to extended attributes? I get:

[~] % ls -le Sites
total 32 [some results omitted from list]
drwxr-xr-x@ 23 me  staff   736 Jul 31  2020 Math421Blog
drwxr-xr-x@ 92 me  staff  2944 Apr 10  2015 MyHomePage
drwxr-xr-x  32 me  staff  1024 Jun 12 15:32 RapidWeaver
drwxr-xr-x@ 20 me  staff   640 Jun 17 10:23 html
drwxr-xr-x  10 me  staff   320 Aug 27  2017 newsite

And:

[~] % ls -le Sites/MyHomePage
total 541576 [I show only a couple of the files & folders]
drwxr-xr-x@  73 me  staff   2336 Jan 31  2015 Math_127
drwxr-xr-x@ 146 me  staff   4672 Jan 31  2015 Math_131
-rw-r--r--@   1 me  staff   8331 Apr 10  2015 index.html
-rw-r--r--@   1 me  staff  39890 Jun  2  2010 me.jpg
-rw-r--r--@   1 me  staff695 Feb 24  2011 site.css
-rw-r--r--@   1 me  staff   1385 Feb 24  2011 style.css

2. In the vhost-specific error log 
/opt/local/var/log/apache2/me-MyHomePageerror_log I’m finding entries like this:
[Thu Jun 17 15:17:10.509589 2021] [core:error] [pid 13543] (13)Permission 
denied: [client 127.0.0.1:53851] AH00035: access to / denied (filesystem path 
'/Users/me/Sites') because search permissions are missing on a component of the 
path
[Thu Jun 17 15:17:10.551868 2021] [core:error] [pid 13543] (13)Permission 
denied: [client 127.0.0.1:53851] AH00035: access to /favicon.ico denied 
(filesystem path '/Users/me/Sites') because search permissions are missing on a 
component of the path, referer: http://myhomepage.local/
[Thu Jun 17 15:19:00.531386 2021] [core:error] [pid 13498] (13)Permission 
denied: [client 127.0.0.1:53909] AH00035: access to / denied (filesystem path 
'/Users/me/Sites') because search permissions are missing on a component of the 
path
3. File httpd.conf includes the lines:
DocumentRoot "/opt/local/www/apache2/html"

Options Indexes FollowSymLinks
AllowOverride None
Require all granted

I don’t think that’s changed.
4. The errors are occurring with Opera as well as with Safari. I don’t know if 
there’s any browser setting that’s upgrading http to https; I am explicitly 
using the “http:” prefix in “http://MyHomePage.local "
On June 13 at 16:21 UTC 2021, Bill Cole  wrote:

On 2021-06-13 at 11:47:53 UTC-0400 (Sun, 13 Jun 2021 11:47:53 -0400)
Murray Eisenberg https://lists.macports.org/mailman/listinfo/macports-users>>
is rumored to have said:

> ls -ld Sites
> drwxr-xr-x@ 18 me  staff  576 Feb 27 10:37 Sites

4 thoughts:

1. The '@' indicating the existence of extended attributes could be 
overriding the '+' that is shown on files with extended ACLs, so any 
level in the directory tree COULD have an ACL blocking the webserver 
from reading the files or scanning the directories. Check with 'ls -le' 
to be sure. This would be a simple but unlikely cause of the problem.

2. Check the error logs for details of the failure. There is a 
vhost-specific error log defined, but there should also be a server-wide 
error log which may contain illuminating entries.

3. Check the main httpd.conf for Directory or Location directives that 
may be interfering with the Directory directives in the VirtualHost 
definition.

4. Make sure you don't have anything automatically 'upgrading' you to 
HTTPS. This can be in the server config or in a browser setting.

>> On 12 Jun2021, at 8:37 PM, Jeff Greenberg 
>> > > wrote:
>>
>> How about the permissions on the Sites folder?
>>
>> On Jun 12, 2021, at 20:24, Murray Eisenberg 
>> > > wrote:
>>
>> For the Macports apache2 installation, I’m using a non-default 
>> location for my web sites. The httpd.conf includes a 
>> httpd-vhosts.conf file, and the latter includes entries such as:
>>
>> 
>> DocumentRoot "/Users/me/Sites/MyHomePage"
>> ServerName MyHomePage.local
>> ServerAlias www.MyHomePage.local > >
>> ErrorLog  "var/log/apache2/me-MyHomePageerror_log"
>> CustomLog "var/log/apache2/me-MyHomePage-access_log" common
>> 
>>Options Indexes FollowSymLinks
>>Require all granted
>>
>> 
>>
>> And in my /private/etc/hosts I include the