Comments on: Mac OS X 10.5: Web Sharing – “Forbidden 403″ on http://localhost/~username http://techtrouts.com/mac-os-x-105-web-sharing-forbidden-403-on-httplocalhostusername/ Doin' the dev dance o/ Fri, 18 Mar 2011 11:05:39 +0000 hourly 1 http://wordpress.org/?v=3.0 By: Greg http://techtrouts.com/mac-os-x-105-web-sharing-forbidden-403-on-httplocalhostusername/comment-page-1/#comment-162 Greg Thu, 14 Oct 2010 18:17:32 +0000 http://techtrouts.com/mac-os-x-105-web-sharing-forbidden-403-on-httplocalhostusername/#comment-162 chmod 701 ~ chmod 705 ~/Sites sudo httpd -k restart worked great...! Thanks DronNick! chmod 701 ~
chmod 705 ~/Sites
sudo httpd -k restart

worked great…! Thanks DronNick!

]]> By: basia http://techtrouts.com/mac-os-x-105-web-sharing-forbidden-403-on-httplocalhostusername/comment-page-1/#comment-150 basia Tue, 03 Aug 2010 01:03:30 +0000 http://techtrouts.com/mac-os-x-105-web-sharing-forbidden-403-on-httplocalhostusername/#comment-150 hello again. in regard to post #35, my daughter fixed my problem. I wish I could share how she did this, but it was a labyrinth of unknown commands to me I blindly followed, and finally it involved going to /private/etc/apache2/ folder, then something about httpd.conf file. I am sure to everyone here it is meaningful, for me it is just an unbearable inside world of my MacBook I do not wish to revisit again. Thanks anyway, for posting your resolution. hello again. in regard to post #35, my daughter fixed my problem. I wish I could share how she did this, but it was a labyrinth of unknown commands to me I blindly followed, and finally it involved going to /private/etc/apache2/ folder, then something about httpd.conf file. I am sure to everyone here it is meaningful, for me it is just an unbearable inside world of my MacBook I do not wish to revisit again. Thanks anyway, for posting your resolution.

]]> By: basia http://techtrouts.com/mac-os-x-105-web-sharing-forbidden-403-on-httplocalhostusername/comment-page-1/#comment-149 basia Fri, 30 Jul 2010 14:54:52 +0000 http://techtrouts.com/mac-os-x-105-web-sharing-forbidden-403-on-httplocalhostusername/#comment-149 Hello everyone, I would very much appreciate further guiding through this process since all that my brain could follow is to open my terminal. In my terminal all I see is: Last login: Thu Jul 29 10:00:35 on console basias-MacBook:~ basia$ all your comments seem to help everyone, but my old brain is not able to comprehend what to do next. If anyone is kind enough to take me step by step what to do from the point in my terminal : Last login: Thu Jul 29 10:00:35 on console basias-MacBook:~ basia$ I will be most grateful. by the way, this error started after running the upgrades, and shows up on all web pages of my 2 domains and 3 subdomains, and all my tripot.com pages that have many. thank you in advance basia Hello everyone, I would very much appreciate further guiding through this process since all that my brain could follow is to open my terminal. In my terminal all I see is:
Last login: Thu Jul 29 10:00:35 on console
basias-MacBook:~ basia$

all your comments seem to help everyone, but my old brain is not able to comprehend what to do next.
If anyone is kind enough to take me step by step what to do from the point in my terminal :
Last login: Thu Jul 29 10:00:35 on console
basias-MacBook:~ basia$

I will be most grateful.
by the way, this error started after running the upgrades, and shows up on all web pages of my 2 domains and 3 subdomains, and all my tripot.com pages that have many.

thank you in advance
basia

]]> By: Stellablue http://techtrouts.com/mac-os-x-105-web-sharing-forbidden-403-on-httplocalhostusername/comment-page-1/#comment-141 Stellablue Fri, 09 Jul 2010 22:59:21 +0000 http://techtrouts.com/mac-os-x-105-web-sharing-forbidden-403-on-httplocalhostusername/#comment-141 Good post and comments! #24 part 3 fixed it for me. I did not need to change httpd.conf and user.conf was setup already. #31 has good point in a shared environment with multiple users & sites. I think it is a good idea to keep all sites (& files) in one spot (ie: /library/webserver/documents) and setup user-owned folders...But to each his own. Unix is sure powerful tho - Stellablue Good post and comments! #24 part 3 fixed it for me. I did not need to change httpd.conf and user.conf was setup already. #31 has good point in a shared environment with multiple users & sites. I think it is a good idea to keep all sites (& files) in one spot (ie: /library/webserver/documents) and setup user-owned folders…But to each his own.

Unix is sure powerful tho – Stellablue

]]> By: jk http://techtrouts.com/mac-os-x-105-web-sharing-forbidden-403-on-httplocalhostusername/comment-page-1/#comment-139 jk Mon, 28 Jun 2010 16:50:50 +0000 http://techtrouts.com/mac-os-x-105-web-sharing-forbidden-403-on-httplocalhostusername/#comment-139 Fantastic! The Apple fix didn't work for me but this one did after I removed the user.conf file I created using the Apple fix... Thanks for the tip! Fantastic! The Apple fix didn’t work for me but this one did after I removed the user.conf file I created using the Apple fix…

Thanks for the tip!

]]> By: YurikRecords http://techtrouts.com/mac-os-x-105-web-sharing-forbidden-403-on-httplocalhostusername/comment-page-1/#comment-138 YurikRecords Sun, 20 Jun 2010 13:30:20 +0000 http://techtrouts.com/mac-os-x-105-web-sharing-forbidden-403-on-httplocalhostusername/#comment-138 http://support.apple.com/kb/TA25038 it worked http://support.apple.com/kb/TA25038
it worked

]]> By: stvs http://techtrouts.com/mac-os-x-105-web-sharing-forbidden-403-on-httplocalhostusername/comment-page-1/#comment-132 stvs Thu, 27 May 2010 16:40:39 +0000 http://techtrouts.com/mac-os-x-105-web-sharing-forbidden-403-on-httplocalhostusername/#comment-132 All the methods described here are insecure, and Apple isn't helping by forcing people to open their home directories as read-all to get web sharing to work. I DO NOT recommend giving EVERYONE read permission to your home directory, nor do I recommend the method described above of changing "Allow from all" in /private/etc/apache2/httpd.conf. Rather, I recommend creating a separate "/Users/Shared" directory with a corresponding weak Shared user account, then hosting content from the Shared directory. You can also use /Users/Shared to keep things like photos, music, virtual disk images, and other items that you do not necessarily wish FileVault to encrypt. As root, do these steps: # create /Users/Shared and user Shared with no login capability: mkdir /Users/Shared mkdir /Users/Shared/Sites mkdir /Users/Shared/Sites/images dscl localhost -create /Local/Default/Users/Shared dscl . -create /Users/Shared UniqueID 511 [dsexport users.out /Local/Default dsRecTypeStandard:Users ; less users.out to find next UniqueID -- see http://osxdaily.com/2007/10/29/how-to-add-a-user-from-the-os-x-command-line-works-with-leopard/] dscl . -create /Users/Shared UserShell /usr/bin/false # no login for Shared! dscl . -create /Users/Shared PrimaryGroupID 20 # staff dscl . -create /Users/Shared NFSHomeDirectory /Users/Shared # change ownership, permissions chown -R Shared:staff /Users/Shared chown -R 775 /Users/Shared # create apache conf file cp -p /etc/apache2/users/myusername.conf /etc/apache2/users/Shared.conf nano /etc/apache2/users/Shared.conf [Edit first line to use directory "/Users/Shared/Sites/"] httpd -k restart # copy over default web pages to /Users/Shared/Sites cp -p ~myusername/Sites/index.html /Users/Shared/Sites cp -p ~myusername/Sites/images/macosxlogo.gif /Users/Shared/Sites/images cp -p ~myusername/Sites/images/apache_pb.gif /Users/Shared/Sites/images cp -p ~myusername/Sites/images/web_share.gif /Users/Shared/Sites/images Now log out of root, and either under a new shell (bash/sh/tcsh/whatever) or a new Terminal window, you ought to be able to "cd ~Shared" to get to /Users/Shared. Sanity check your permissions using: ls -ld /Users/Shared. If you don't want all staff to have write access to /Users/Shared and below, then: chmod -R g-w /Users/Shared Now Stop/Start System Preferences>Sharing>Web Sharing, and point your browser to: http://localhost/~Shared That should work. Now host from /Users/Shared without anyone being able access to your home directory. If you edited /private/etc/apache2/httpd.conf to "Allow from all" as default, change this back to "Deny from all" as default, and restart httpd and Web Sharing. All the methods described here are insecure, and Apple isn’t helping by forcing people to open their home directories as read-all to get web sharing to work.

I DO NOT recommend giving EVERYONE read permission to your home directory, nor do I recommend the method described above of changing “Allow from all” in /private/etc/apache2/httpd.conf.

Rather, I recommend creating a separate “/Users/Shared” directory with a corresponding weak Shared user account, then hosting content from the Shared directory.

You can also use /Users/Shared to keep things like photos, music, virtual disk images, and other items that you do not necessarily wish FileVault to encrypt.

As root, do these steps:

# create /Users/Shared and user Shared with no login capability:

mkdir /Users/Shared
mkdir /Users/Shared/Sites
mkdir /Users/Shared/Sites/images

dscl localhost -create /Local/Default/Users/Shared
dscl . -create /Users/Shared UniqueID 511
[dsexport users.out /Local/Default dsRecTypeStandard:Users ; less users.out to find next UniqueID -- see http://osxdaily.com/2007/10/29/how-to-add-a-user-from-the-os-x-command-line-works-with-leopard/
dscl . -create /Users/Shared UserShell /usr/bin/false # no login for Shared!
dscl . -create /Users/Shared PrimaryGroupID 20 # staff
dscl . -create /Users/Shared NFSHomeDirectory /Users/Shared
# change ownership, permissions
chown -R Shared:staff /Users/Shared
chown -R 775 /Users/Shared

# create apache conf file
cp -p /etc/apache2/users/myusername.conf /etc/apache2/users/Shared.conf
nano /etc/apache2/users/Shared.conf
[Edit first line to use directory "/Users/Shared/Sites/"]
httpd -k restart

# copy over default web pages to /Users/Shared/Sites
cp -p ~myusername/Sites/index.html /Users/Shared/Sites
cp -p ~myusername/Sites/images/macosxlogo.gif /Users/Shared/Sites/images
cp -p ~myusername/Sites/images/apache_pb.gif /Users/Shared/Sites/images
cp -p ~myusername/Sites/images/web_share.gif /Users/Shared/Sites/images

Now log out of root, and either under a new shell (bash/sh/tcsh/whatever) or a new Terminal window, you ought to be able to “cd ~Shared” to get to /Users/Shared. Sanity check your permissions using:
ls -ld /Users/Shared. If you don’t want all staff to have write access to /Users/Shared and below, then:
chmod -R g-w /Users/Shared

Now Stop/Start System Preferences>Sharing>Web Sharing, and point your browser to:

http://localhost/~Shared

That should work. Now host from /Users/Shared without anyone being able access to your home directory. If you edited /private/etc/apache2/httpd.conf to “Allow from all” as default, change this back to “Deny from all” as default, and restart httpd and Web Sharing.

]]> By: DronNick http://techtrouts.com/mac-os-x-105-web-sharing-forbidden-403-on-httplocalhostusername/comment-page-1/#comment-131 DronNick Tue, 25 May 2010 22:03:55 +0000 http://techtrouts.com/mac-os-x-105-web-sharing-forbidden-403-on-httplocalhostusername/#comment-131 chmod 701 ~ chmod 705 ~/Sites chmod 701 ~
chmod 705 ~/Sites

]]> By: Rich http://techtrouts.com/mac-os-x-105-web-sharing-forbidden-403-on-httplocalhostusername/comment-page-1/#comment-128 Rich Fri, 07 May 2010 20:18:41 +0000 http://techtrouts.com/mac-os-x-105-web-sharing-forbidden-403-on-httplocalhostusername/#comment-128 Thank you so much sir! I'm a noob to this stuff and spent the entire morning trying to figure this one out. Your post was the solution! Thank you so much sir! I’m a noob to this stuff and spent the entire morning trying to figure this one out. Your post was the solution!

]]> By: Ray http://techtrouts.com/mac-os-x-105-web-sharing-forbidden-403-on-httplocalhostusername/comment-page-1/#comment-123 Ray Sat, 24 Apr 2010 01:47:47 +0000 http://techtrouts.com/mac-os-x-105-web-sharing-forbidden-403-on-httplocalhostusername/#comment-123 You are brilliant, bravo. :) I didn't think they'd have "Deny all" in there, pfft You are brilliant, bravo. :)
I didn’t think they’d have “Deny all” in there, pfft

]]>