Note:
I'm cc'ing this back to the list, so that
others can correct anything I get wrong :)

On Fri, 21 Nov 2003, Gohaku wrote:
> On Friday, November 21, 2003, at 09:40 AM, Chris Devers wrote:
>
> > Apache runs under, which by default is www. The easiest way to fix
> > this is
> > probably to assign ownership of that file to the Apache account:
> >
> > $ sudo chown www hello.txt
> > $ sudo chmod u+w hello.txt
> >
> > Chances aren't bad that the script will work after that.
>
>
> You're right, the script worked.

Glad to hear that.

> But what if I want to create a new
> file? How do I do that?
> I ask because I would like to move these scripts to a webhost.
> Thanks.

One of the other commenters touched on this -- Sherm Pendley, I think
(he's a smart guy -- his posts are worth reading closely :).

Basically, if you want to work on an existing file, then you have to
verify the permissions on that file before Apache sends a script off to
work on it. That was the situation here.

On the other hand, if you want to create new files, then Apache needs to
have permission to work on the directory itself.

<arcana caveat="someone may wish to improve on this explanation">

According to purist Unix design philosophy, everything in the system is to
be treated as a file, where a file is defined as something like a stream
of data that you can perform various standard operations on (read from it,
write to it, etc).

(By way of comparison, according to purist relational database design
philosophy, everything in the system is to be treated as a table -- which
means that every time you issue a SQL statement on one table, the result
set you get back is effectively a new table -- and that in turn is why
it's usually trivial to do something like "INSERT INTO foo SELECT * FROM
bar" and it'll just work. But I digress from my digression.)

So anyway, everything in Unix is supposed to be a file. One example of
things that are files, even if they don't seem to be, is directories --
because a directory is just a file that contains a list of other files
(and some of which might themselves be directory-files, with lists of
their own).

</arcana>

Why does this matter? Because it means that the same basic operations &
rules apply to directories as they do to plain files. In particular, all
directories have file ownership & permission settings, the side effects of
which are often kind of easy to work out if you get the general idea about
how permissions work on simple files.

In this case, that means that the user account that Apache runs under, www
by default on Mac OS X, needs to be able to write to the directory-file in
question, in order to add new data to that file -- that is, to add new
files to that directory. Or remove them, or just to make any changes in
general.

So, if you want to work on /Library/WebServer/Documents/hello/data --

$ sudo chown www /Library/WebServer/Documents/hello/data
$ sudo chmod u+w /Library/WebServer/Documents/hello/data

And then the Apache user will be able to create or remove files from that
directory. (And of course, any files created will be made with that user's
default ownership & permissions, so you mostly don't have to worry about
that aspect of things -- creation of the files themselves was the real
problem at hand here.)

Make sense?

As I say, someone may wish to revise my description of the Unix
"everything is a file" notion, but the basic idea is pretty simple, and
once you get your head around it, it makes a lot of system behavior a lot
less surprising and a lot more predictable.

--
Chris Devers
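
An added example, not part of the original message: a shell function that reads a directory's owner and mode bits to tell whether an account such as www could create or remove files in it, which is the check the message describes. The name can_create is made up for illustration, and only the classic owner/group/other bits are evaluated (root's override and ACLs are not modelled).

```shell
#!/bin/sh
# can_create DIR USER  (hypothetical helper, added for illustration)
# Exit 0 if USER may create or remove files in DIR, 1 if not, 2 on error.
# Only the owner/group/other mode bits are evaluated; root's override
# and ACLs are not modelled.
can_create() {
    dir=$1 user=$2
    [ -d "$dir" ] || return 2
    # Accept a numeric uid as-is, otherwise resolve the account name.
    case $user in
        *[!0-9]*|'') uid=$(id -u "$user" 2>/dev/null) || return 2 ;;
        *)           uid=$user ;;
    esac
    # ls -ldn prints: mode links owner-uid group-gid ... (-L follows symlinks)
    info=$(ls -ldnL "$dir") || return 2
    set -- $info
    mode=$1 owner=$3 group=$4
    # Adding or removing a name needs write AND search (x) on the directory;
    # the permissions of the files inside it play no part.
    if [ "$uid" = "$owner" ]; then
        case $mode in d?w[xs]*) return 0 ;; esac
        return 1
    fi
    # Not the owner: group bits apply if USER is in the directory's group.
    for g in $(id -G "$user" 2>/dev/null); do
        if [ "$g" = "$group" ]; then
            case $mode in d????w[xs]*) return 0 ;; esac
            return 1
        fi
    done
    # Neither owner nor group member: the "other" bits decide.
    case $mode in d???????w[xt]*) return 0 ;; esac
    return 1
}

# Usage, with the account and path from the message above:
#   can_create /Library/WebServer/Documents/hello/data www && echo writable
```
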