Correct owner/group/permissions for Apache 2 site files/folders under Mac OS X?

Time: 2022-04-26 07:27:55

It's hard to find Mac-specific answers to this question on the web, so I'm hoping someone out there can put this one to rest for me? My permissions are screwed up on my sites and I'm not sure how to fix them without just slamming a recursive 777 on everything which is quite obviously incorrect.


Thanks!


7 solutions

#1


176  

This is the most restrictive and safest way I've found, as explained here for hypothetical ~/my/web/root/ directory for your web content:


  • For each parent directory leading to your web root (e.g. ~/my, ~/my/web, ~/my/web/root):
    • chmod go-rwx DIR (nobody other than owner can access content)
    • chmod go+x DIR (to allow "users" including _www to "enter" the dir)
  • sudo chgrp -R _www ~/my/web/root (all web content is now group _www)
  • chmod -R go-rwx ~/my/web/root (nobody other than owner can access web content)
  • chmod -R g+rx ~/my/web/root (all web content is now readable/executable/enterable by _www)

All other solutions leave files open to other local users (who are part of the "staff" group as well as obviously being in the "o"/others group). These users may then freely browse and access DB configurations, source code, or other sensitive details in your web config files and scripts if such are part of your content. If this is not an issue for you, then by all means go with one of the simpler solutions.
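
The script below is an added example, not part of any answer in this thread: a POSIX shell audit for the scheme described in this answer (group _www, no access for others), which also flags the world-writable state that a recursive `chmod o+w` leaves behind. The function names are hypothetical, and `apply_scheme` repeats the answer's three recursive commands without `sudo`, so run it with `sudo` when you do not own the files.

```shell
#!/bin/sh
# Added example: audit a web root against answer #1's permission scheme.
# Function names are hypothetical; _www is the Apache group named in the thread.

# Paths (symlinks skipped) that grant any r/w/x bit to "others".
list_other_access() {
    find "$1" ! -type l \( -perm -0004 -o -perm -0002 -o -perm -0001 \) -print
}

# Paths that are world-writable, the state `chmod -R o+w` leaves behind.
list_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Paths whose group is not $2.
list_wrong_group() {
    find "$1" ! -type l ! -group "$2" -print
}

# The three recursive commands from answer #1 (prefix with sudo if not owner).
apply_scheme() {
    chgrp -R "$2" "$1" &&
    chmod -R go-rwx "$1" &&
    chmod -R g+rx "$1"
}

# Report findings; return 0 only when the tree matches the scheme.
audit_webroot() {
    root=$1 group=${2:-_www} status=0
    out=$(list_other_access "$root")
    [ -z "$out" ] || { printf 'accessible to others:\n%s\n' "$out"; status=1; }
    out=$(list_world_writable "$root")
    [ -z "$out" ] || { printf 'world-writable:\n%s\n' "$out"; status=1; }
    # find fails if the group does not exist; treat that as a finding too.
    out=$(list_wrong_group "$root" "$group") || status=1
    [ -z "$out" ] || { printf 'group is not %s:\n%s\n' "$group" "$out"; status=1; }
    return "$status"
}

# Stand-alone use: sh audit.sh ~/my/web/root [_www]
if [ "$#" -gt 0 ]; then
    audit_webroot "$@"
fi
```

The audit covers the recursive web-root steps only; the parent directories still need the separate `go-rwx` then `go+x` treatment from the first bullet.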


#2


25  

If you really don't like the Terminal, here is the GUI way to do what dkamins is telling you:

1) Go to your user home directory (ludo would be mine) and from the File menu choose Get Info (Cmd+I) in the inspector:

2) By alt/option clicking on the [+] sign, add the _www group and set its permission to read-only:

  • Thus consider (good practice) not storing personal information at the root of your user home folder (& hard disk)!
  • You may skip this step if the **everyone** group has **read-only** permission but since AirDrop the **/Public/Drop Box** folder is mostly useless...

3) Show the Get Info inspector of your user Sites folder and reproduce step 2 then from the gear action sub-menu choose Apply to enclosed Items... :


Voilà 3 steps and the GUI only way...


#3


13  

I know this is an old post, but for anyone upgrading to Mountain Lion (10.8) and experiencing similar issues, adding FollowSymLinks to your {username}.conf file (in /etc/apache2/users/) did the trick for me. So the file looks like this:


<Directory "/Users/username/Sites/">
  Options Indexes MultiViews FollowSymLinks
  AllowOverride All
  Order allow,deny
  Allow from all
</Directory>

#4


9  

2 month old thread, but better late than never! On 10.6, I have my webserver documents folder set to:


owner:root
group:_www
permission:755

_www is the user that runs apache under Mac OS X. I then added an ACL to allow full permissions to the Administrators group. That way, I can still make any changes with my admin user without having to authenticate as root. Also, when I want to allow the webserver to write to a folder, I can simply chmod to 775, leaving everyone other than root:_www with only read/execute permissions (excluding any ACLs that I have applied)


#5


4  

On my 10.6 system:


vhosts folder:
 owner:root
 group:wheel
 permissions:755

vhost.conf files:
 owner:root
 group:wheel
 permissions:644

#6


0  

The user owner for me is the admin user and the group is _www and works with permissions set to 775 for dir and for files 664


#7


-2  

Open up terminal first and then go to directory of web server


cd /Library/WebServer/Documents

and then type this and what you will do is you will give read and write permission


sudo chmod -R o+w /Library/WebServer/Documents

This will surely work!
