I wanted to test the assumption that every directory in the path to uploads must be executable by Apache. I was able to validate this by chmod o+x on each of these where needed:
/Users/ /Users/webclient/ /Users/webclient/Library/ /Users/webclient/Library/Application Support/ /Users/webclient/Library/Application Support/4D/ /Users/webclient/Library/Application Support/4D/com.aparajita/ /Users/webclient/Library/Application Support/4D/com.aparajita/Active4D/ /Users/webclient/Library/Application Support/4D/com.aparajita/Active4D/web/ /Users/webclient/Library/Application Support/4D/com.aparajita/Active4D/web/uploads/ I can now download files! However, I really don't like that anyone can execute in those paths and need to figure out how to specifically allow _www those privileges. -- Brad On 10/27/14 11:51 AM, "Perkins, Bradley D" <[email protected]> wrote: >If you mean a <Directory "/Users/webclient/Library/Application >Support/4D/com.aparajita/Active4D/web/uploads in my Apache config files I >don't. > >I added that and restarted Apache. Documents are still Forbidden. > >/Library/WebServer/Documents/TWP/docs has a symlink to >/Users/webclient/Library/Application >Support/4D/com.aparajita/Active4D/web/uploads > >In looking at my the old server configuration files https.conf simply has >this: > >## First, we configure the "default" to be a very restrictive set of >## features. >## ><Directory "/"> > Options FollowSymLinks > AllowOverride None ></Directory> > >The site specific virtual host configuration files have e.g. this: > ><Directory "/Library/WebServer/Documents/TWP"> > <IfModule mod_dav.c> > DAV Off > </IfModule> > Options All +MultiViews -ExecCGI -Indexes -Includes > AllowOverride None > </Directory> > >I never explicitly specified settings for docs/srts/ or paths to Active4D >files. > > >The only thing that is really different is that for V11 I was able to put >my Active4D files in >/Library/Application Support/4D/com.aparajita > >With v14 and A4D 6.1 I had to put them in >/Users/webclient/Library/Application Support/4D/com.aparajita > >I'm thinking that Apache was able to deal with A4D files in the system >root path, but not buried in a /User/... Path. > >I've done a lot of reading on this and I suspect that Apache requires >execute access to all folders in the path in order to serve files. Without >this, you'll get a HTTP 403 (forbidden). > >That would mean I would need to give Apache execute access to >/Users/ >/Users/webclient/ > >/Users/webclient/Library/ > >/Users/webclient/Library/Application Support/ > >/Users/webclient/Library/Application Support/4D/ > >/Users/webclient/Library/Application Support/4D/com.aparajita/ > >/Users/webclient/Library/Application Support/4D/com.aparajita/Active4D/ > >/Users/webclient/Library/Application >Support/4D/com.aparajita/Active4D/web/ > >/Users/webclient/Library/Application >Support/4D/com.aparajita/Active4D/web/uploads/ > >Setting the user or group to _www for most of those seems like a bad idea. >I have to admit that I don't know how set that explicitly for the _www >user with chmod. I expect this involves using ACLs. > >Thanks, > > >Brad > > > >On 10/27/14 10:30 AM, "Aparajita Fishman" <[email protected]> >wrote: > >>> I've tried what I think you are suggesting e.g., >>> >>> <Directory /Library/WebServer/Documents/TWP/docs/srts > >>> Options FollowSymLinks >>> AllowOverride None >>> </Directory> >> >> >>Do you have an entry for the target of the symlink, i.e. >>/Users/webclient/Library/Application >>Support/4D/com.aparajita/Active4D/web/uploads? >> >>Regards, >> >> Aparajita >> >>_______________________________________________ >>Active4D-dev mailing list >>[email protected] >>http://list.aparajitaworld.com/listinfo/active4d-dev >>Archives: http://active4d-nabble.aparajitaworld.com/ >> > > > _______________________________________________ Active4D-dev mailing list [email protected] http://list.aparajitaworld.com/listinfo/active4d-dev Archives: http://active4d-nabble.aparajitaworld.com/
