macos Mac OS X 下 Apache 2 站点文件/文件夹的所有者/组/权限是否正确?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/2001881/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Correct owner/group/permissions for Apache 2 site files/folders under Mac OS X?
提问by Fo.
It's hard to find Mac-specific answers to this question on the web, so I'm hoping someone out there can put this one to rest for me? My permissions are screwed up on my sites and I'm not sure how to fix them without just slamming a recursive 777 on everything which is quite obviously incorrect.
很难在网络上找到针对此问题的 Mac 特定答案,所以我希望有人能帮我解决这个问题?我的权限在我的网站上被搞砸了,我不知道如何修复它们,而不只是在很明显不正确的所有内容上猛烈抨击递归 777。
Thanks!
谢谢!
回答by dkamins
This is the most restrictive and safest way I've found, as explained here for hypothetical ~/my/web/root/directory for your web content:
这是我发现的最严格和最安全的方法,如此处~/my/web/root/针对您的 Web 内容的假设目录所解释的那样:
- For each parent directory leading to your web root (e.g.
~/my,~/my/web,~/my/web/root):chmod go-rwx DIR(nobody other than owner can access content)chmod go+x DIR(to allow "users" including _www to "enter" the dir)
sudo chgrp -R _www ~/my/web/root(all web content is now group _www)chmod -R go-rwx ~/my/web/root(nobody other than owner can access web content)chmod -R g+rx ~/my/web/root(all web content is now readable/executable/enterable by _www)
- 对于通向您的 Web 根目录的每个父目录(例如
~/my,~/my/web,~/my/web/root):chmod go-rwx DIR(除所有者外,任何人都不能访问内容)chmod go+x DIR(允许包括 _www 在内的“用户”“输入”目录)
sudo chgrp -R _www ~/my/web/root(所有网页内容现在都归为_www组)chmod -R go-rwx ~/my/web/root(除所有者外,任何人都不能访问网络内容)chmod -R g+rx ~/my/web/root(所有网页内容现在都可以被 _www 读取/执行/输入)
All other solutions leave files open to other local users (who are part of the "staff" group as well as obviously being in the "o"/others group). These users may then freely browse and access DB configurations, source code, or other sensitive details in your web config files and scripts if such are part of your content. If this is not an issue for you, then by all means go with one of the simpler solutions.
所有其他解决方案都将文件对其他本地用户(他们是“staff”组的一部分以及显然在“o”/others 组中)开放。然后,这些用户可以自由浏览和访问您的 Web 配置文件和脚本中的数据库配置、源代码或其他敏感细节,如果这些是您内容的一部分。如果这对您来说不是问题,那么一定要选择一种更简单的解决方案。
回答by llange
If you really don't like the Terminal here is the GUI way to do dkamins is telling you :
如果你真的不喜欢这里的终端,dkamins 告诉你的 GUI 方式是:
1) Go to your user home directory (ludowould be mine) and from the Filemenu choose Get InfocmdIin the inspector :
1)转到您的用户主目录(ludo将是我的)并从文件菜单中选择检查器中的获取信息cmdI:
2) By alt/optionclicking on the [+]sign add the _wwwgroup and set it's permission to read-only:
2) 通过alt/option点击[+]符号添加_www组并将其权限设置为只读:
- Thus consider (good practice) not storing personnal information at the root of your user home folder (& hard disk) !
- You may skip this step if the **everyone** group has **read-only** permission but since AirDrop the **/Public/Drop Box** folder is mostly useless...
- 因此考虑(良好做法)不要将个人信息存储在用户主文件夹(和硬盘)的根目录下!
- 如果 **everyone** 组具有 **只读** 权限,您可以跳过此步骤,但由于 AirDrop **/Public/Drop Box** 文件夹几乎没用...
3) Show the Get Infoinspector of your user Sitesfolder and reproduce step 2 then from the gear action sub-menu choose Apply to enclosed Items...:
3) 显示您的用户站点文件夹的获取信息检查器并重现步骤 2,然后从齿轮操作子菜单中选择应用到封闭的项目...:
Voilà 3 steps and the GUI only way...
瞧 3 个步骤和 GUI 唯一的方式......
回答by mjswensen
I know this is an old post, but for anyone upgrading to Mountain Lion (10.8) and experiencing similar issues, adding FollowSymLinksto your {username}.conf file (in /etc/apache2/users/) did the trick for me. So the file looks like this:
我知道这是一篇旧帖子,但对于升级到 Mountain Lion (10.8) 并遇到类似问题的任何人来说,添加FollowSymLinks到您的 {username}.conf 文件(在 /etc/apache2/users/ 中)对我有用。所以文件看起来像这样:
<Directory "/Users/username/Sites/">
Options Indexes MultiViews FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
回答by Tim Mackey
2 month old thread, but better late than never! On 10.6, I have my webserver documents folder set to:
2 个月前的线程,但迟到总比不到好!在 10.6 上,我将网络服务器文档文件夹设置为:
owner:root
group:_www
permission:755
_www is the user that runs apache under Mac OS X. I then added an ACL to allow full permissions to the Administrators group. That way, I can still make any changes with my admin user without having to authenticate as root. Also, when I want to allow the webserver to write to a folder, I can simply chmod to 775, leaving everyone other than root:_www with only read/execute permissions (excluding any ACLs that I have applied)
_www 是在 Mac OS X 下运行 apache 的用户。然后我添加了一个 ACL 以允许对管理员组的完全权限。这样,我仍然可以对我的管理员用户进行任何更改,而无需以 root 身份进行身份验证。此外,当我想允许网络服务器写入文件夹时,我可以简单地将 chmod 更改为 775,让除 root:_www 之外的所有人都只有读取/执行权限(不包括我应用的任何 ACL)
回答by Steve Graham
On my 10.6 system:
在我的 10.6 系统上:
vhosts folder:
owner:root
group:wheel
permissions:755
vhost.conf files:
owner:root
group:wheel
permissions:644
回答by michalzuber
The user owner for me is the admin user and the group is _www and works with permissions set to 775 for dir and for files 664
我的用户所有者是 admin 用户,组是 _www 并且使用权限设置为 775 的 dir 和文件 664
回答by Sean_Codes
Catalina Update / Desktop Permissions
Catalina 更新/桌面权限
I come across this once a year on macOS. I usually use apache2 for hosting a folder on my desktop.
我每年都会在 macOS 上遇到这个问题。我通常使用 apache2 在我的桌面上托管一个文件夹。
If you are trying to give access to the desktopfolder you need to follow this to allow httpd to have access to all folders: https://apple.stackexchange.com/a/373139/353465
如果您尝试授予对desktop文件夹的访问权限,则需要按照此操作以允许 httpd 访问所有文件夹:https: //apple.stackexchange.com/a/373139/353465
回答by Sidharth kaushik
Open up terminal first and then go to directory of web server
首先打开终端,然后进入Web服务器目录
cd /Library/WebServer/Documents
and then type this and what you will do is you will give readand writepermission
然后输入这个,你会做的是你会给予read和write许可
sudo chmod -R o+w /Library/WebServer/Documents
This will surely work!
这肯定会奏效!
