Comments on: Mac OS X 10.5: Web Sharing – “Forbidden 403″ on http://localhost/~username http://techtrouts.com/mac-os-x-105-web-sharing-forbidden-403-on-httplocalhostusername/ Doin' the dev dance o/ Fri, 23 Jul 2010 17:33:52 +0000 hourly 1 http://wordpress.org/?v=3.0 By: Stellablue http://techtrouts.com/mac-os-x-105-web-sharing-forbidden-403-on-httplocalhostusername/comment-page-1/#comment-141 Stellablue Fri, 09 Jul 2010 22:59:21 +0000 http://techtrouts.com/mac-os-x-105-web-sharing-forbidden-403-on-httplocalhostusername/#comment-141 Good post and comments! #24 part 3 fixed it for me. I did not need to change httpd.conf and user.conf was setup already. #31 has good point in a shared environment with multiple users & sites. I think it is a good idea to keep all sites (& files) in one spot (ie: /library/webserver/documents) and setup user-owned folders...But to each his own. Unix is sure powerful tho - Stellablue Good post and comments! #24 part 3 fixed it for me. I did not need to change httpd.conf and user.conf was setup already. #31 has good point in a shared environment with multiple users & sites. I think it is a good idea to keep all sites (& files) in one spot (ie: /library/webserver/documents) and setup user-owned folders…But to each his own.

Unix is sure powerful tho – Stellablue

]]> By: jk http://techtrouts.com/mac-os-x-105-web-sharing-forbidden-403-on-httplocalhostusername/comment-page-1/#comment-139 jk Mon, 28 Jun 2010 16:50:50 +0000 http://techtrouts.com/mac-os-x-105-web-sharing-forbidden-403-on-httplocalhostusername/#comment-139 Fantastic! The Apple fix didn't work for me but this one did after I removed the user.conf file I created using the Apple fix... Thanks for the tip! Fantastic! The Apple fix didn’t work for me but this one did after I removed the user.conf file I created using the Apple fix…

Thanks for the tip!

]]> By: YurikRecords http://techtrouts.com/mac-os-x-105-web-sharing-forbidden-403-on-httplocalhostusername/comment-page-1/#comment-138 YurikRecords Sun, 20 Jun 2010 13:30:20 +0000 http://techtrouts.com/mac-os-x-105-web-sharing-forbidden-403-on-httplocalhostusername/#comment-138 http://support.apple.com/kb/TA25038 it worked http://support.apple.com/kb/TA25038
it worked

]]> By: stvs http://techtrouts.com/mac-os-x-105-web-sharing-forbidden-403-on-httplocalhostusername/comment-page-1/#comment-132 stvs Thu, 27 May 2010 16:40:39 +0000 http://techtrouts.com/mac-os-x-105-web-sharing-forbidden-403-on-httplocalhostusername/#comment-132 All the methods described here are insecure, and Apple isn't helping by forcing people to open their home directories as read-all to get web sharing to work. I DO NOT recommend giving EVERYONE read permission to your home directory, nor do I recommend the method described above of changing "Allow from all" in /private/etc/apache2/httpd.conf. Rather, I recommend creating a separate "/Users/Shared" directory with a corresponding weak Shared user account, then hosting content from the Shared directory. You can also use /Users/Shared to keep things like photos, music, virtual disk images, and other items that you do not necessarily wish FileVault to encrypt. As root, do these steps: # create /Users/Shared and user Shared with no login capability: mkdir /Users/Shared mkdir /Users/Shared/Sites mkdir /Users/Shared/Sites/images dscl localhost -create /Local/Default/Users/Shared dscl . -create /Users/Shared UniqueID 511 [dsexport users.out /Local/Default dsRecTypeStandard:Users ; less users.out to find next UniqueID -- see http://osxdaily.com/2007/10/29/how-to-add-a-user-from-the-os-x-command-line-works-with-leopard/] dscl . -create /Users/Shared UserShell /usr/bin/false # no login for Shared! dscl . -create /Users/Shared PrimaryGroupID 20 # staff dscl . -create /Users/Shared NFSHomeDirectory /Users/Shared # change ownership, permissions chown -R Shared:staff /Users/Shared chown -R 775 /Users/Shared # create apache conf file cp -p /etc/apache2/users/myusername.conf /etc/apache2/users/Shared.conf nano /etc/apache2/users/Shared.conf [Edit first line to use directory "/Users/Shared/Sites/"] httpd -k restart # copy over default web pages to /Users/Shared/Sites cp -p ~myusername/Sites/index.html /Users/Shared/Sites cp -p ~myusername/Sites/images/macosxlogo.gif /Users/Shared/Sites/images cp -p ~myusername/Sites/images/apache_pb.gif /Users/Shared/Sites/images cp -p ~myusername/Sites/images/web_share.gif /Users/Shared/Sites/images Now log out of root, and either under a new shell (bash/sh/tcsh/whatever) or a new Terminal window, you ought to be able to "cd ~Shared" to get to /Users/Shared. Sanity check your permissions using: ls -ld /Users/Shared. If you don't want all staff to have write access to /Users/Shared and below, then: chmod -R g-w /Users/Shared Now Stop/Start System Preferences>Sharing>Web Sharing, and point your browser to: http://localhost/~Shared That should work. Now host from /Users/Shared without anyone being able access to your home directory. If you edited /private/etc/apache2/httpd.conf to "Allow from all" as default, change this back to "Deny from all" as default, and restart httpd and Web Sharing. All the methods described here are insecure, and Apple isn’t helping by forcing people to open their home directories as read-all to get web sharing to work.

I DO NOT recommend giving EVERYONE read permission to your home directory, nor do I recommend the method described above of changing “Allow from all” in /private/etc/apache2/httpd.conf.

Rather, I recommend creating a separate “/Users/Shared” directory with a corresponding weak Shared user account, then hosting content from the Shared directory.

You can also use /Users/Shared to keep things like photos, music, virtual disk images, and other items that you do not necessarily wish FileVault to encrypt.

As root, do these steps:

# create /Users/Shared and user Shared with no login capability:

mkdir /Users/Shared
mkdir /Users/Shared/Sites
mkdir /Users/Shared/Sites/images

dscl localhost -create /Local/Default/Users/Shared
dscl . -create /Users/Shared UniqueID 511
[dsexport users.out /Local/Default dsRecTypeStandard:Users ; less users.out to find next UniqueID -- see http://osxdaily.com/2007/10/29/how-to-add-a-user-from-the-os-x-command-line-works-with-leopard/
dscl . -create /Users/Shared UserShell /usr/bin/false # no login for Shared!
dscl . -create /Users/Shared PrimaryGroupID 20 # staff
dscl . -create /Users/Shared NFSHomeDirectory /Users/Shared
# change ownership, permissions
chown -R Shared:staff /Users/Shared
chown -R 775 /Users/Shared

# create apache conf file
cp -p /etc/apache2/users/myusername.conf /etc/apache2/users/Shared.conf
nano /etc/apache2/users/Shared.conf
[Edit first line to use directory "/Users/Shared/Sites/"]
httpd -k restart

# copy over default web pages to /Users/Shared/Sites
cp -p ~myusername/Sites/index.html /Users/Shared/Sites
cp -p ~myusername/Sites/images/macosxlogo.gif /Users/Shared/Sites/images
cp -p ~myusername/Sites/images/apache_pb.gif /Users/Shared/Sites/images
cp -p ~myusername/Sites/images/web_share.gif /Users/Shared/Sites/images

Now log out of root, and either under a new shell (bash/sh/tcsh/whatever) or a new Terminal window, you ought to be able to “cd ~Shared” to get to /Users/Shared. Sanity check your permissions using:
ls -ld /Users/Shared. If you don’t want all staff to have write access to /Users/Shared and below, then:
chmod -R g-w /Users/Shared

Now Stop/Start System Preferences>Sharing>Web Sharing, and point your browser to:

http://localhost/~Shared

That should work. Now host from /Users/Shared without anyone being able access to your home directory. If you edited /private/etc/apache2/httpd.conf to “Allow from all” as default, change this back to “Deny from all” as default, and restart httpd and Web Sharing.

]]> By: DronNick http://techtrouts.com/mac-os-x-105-web-sharing-forbidden-403-on-httplocalhostusername/comment-page-1/#comment-131 DronNick Tue, 25 May 2010 22:03:55 +0000 http://techtrouts.com/mac-os-x-105-web-sharing-forbidden-403-on-httplocalhostusername/#comment-131 chmod 701 ~ chmod 705 ~/Sites chmod 701 ~
chmod 705 ~/Sites

]]> By: Rich http://techtrouts.com/mac-os-x-105-web-sharing-forbidden-403-on-httplocalhostusername/comment-page-1/#comment-128 Rich Fri, 07 May 2010 20:18:41 +0000 http://techtrouts.com/mac-os-x-105-web-sharing-forbidden-403-on-httplocalhostusername/#comment-128 Thank you so much sir! I'm a noob to this stuff and spent the entire morning trying to figure this one out. Your post was the solution! Thank you so much sir! I’m a noob to this stuff and spent the entire morning trying to figure this one out. Your post was the solution!

]]> By: Ray http://techtrouts.com/mac-os-x-105-web-sharing-forbidden-403-on-httplocalhostusername/comment-page-1/#comment-123 Ray Sat, 24 Apr 2010 01:47:47 +0000 http://techtrouts.com/mac-os-x-105-web-sharing-forbidden-403-on-httplocalhostusername/#comment-123 You are brilliant, bravo. :) I didn't think they'd have "Deny all" in there, pfft You are brilliant, bravo. :)
I didn’t think they’d have “Deny all” in there, pfft

]]> By: Alex http://techtrouts.com/mac-os-x-105-web-sharing-forbidden-403-on-httplocalhostusername/comment-page-1/#comment-122 Alex Sun, 18 Apr 2010 04:32:29 +0000 http://techtrouts.com/mac-os-x-105-web-sharing-forbidden-403-on-httplocalhostusername/#comment-122 Please elaborate on "remember to adapt the "<Directory"/Users?..." comment. I have followed all of the instructions of this page with no results. Please elaborate on “remember to adapt the “<Directory"/Users?…" comment. I have followed all of the instructions of this page with no results.

]]> By: Catzhead http://techtrouts.com/mac-os-x-105-web-sharing-forbidden-403-on-httplocalhostusername/comment-page-1/#comment-118 Catzhead Fri, 12 Mar 2010 08:23:36 +0000 http://techtrouts.com/mac-os-x-105-web-sharing-forbidden-403-on-httplocalhostusername/#comment-118 Thanks for this post, very useful. For those like me who forgot that they moved their home directory to another volume, remember to adapt the "<Directory "/Users/..." to the correct location, e.g. "_< Thanks for this post, very useful.

For those like me who forgot that they moved their home directory to another volume, remember to adapt the “<Directory "/Users/…" to the correct location, e.g. "_<

]]> By: Mwandha Mufumbiro http://techtrouts.com/mac-os-x-105-web-sharing-forbidden-403-on-httplocalhostusername/comment-page-1/#comment-117 Mwandha Mufumbiro Fri, 05 Mar 2010 23:59:53 +0000 http://techtrouts.com/mac-os-x-105-web-sharing-forbidden-403-on-httplocalhostusername/#comment-117 your post is exceptional after timewasting in searches i got to your solution and believe me you it works magic. your post is exceptional after timewasting in searches i got to your solution and believe me you it works magic.

]]>