I create a sparsebundle and mount it as a virtual drive for each development project I work on. This worked great until I needed to add encryption to one of the projects for added security of my client's files.

When encryption is on, Apache returns a 403 Forbidden message. I was able to get around it by changing Apache to run under my user and group, but that's very bad for the security of my MacBook.

Is there a better way to allow permissions for Apache to access my encrypted drive?

puppybits

1 Answer

When you create an encrypted disk image in OS X, it defaults to creating the enclosed volume with restrictive permissions -- the owner (whoever mounted it) gets full access, while group members and others get no access. The web server normally runs as the _www system user, so it falls into the other/no access category. You can check this easily at the command line:

$ ls -l /Volumes
total 8
drwx------   6 gordon  staff        272 Sep 30 11:30 Encrypted Volume
lrwxr-xr-x   1 root    admin          1 Sep 27 17:11 Macintosh HD -> /

The "drwx------" means it's a directory ("d"); the owner (gordon) is allowed read, write, and execute access ("rwx"); the group (staff) is allowed no access ("---"); and others are allowed no access ("---").

The simple solution is to open up the volume permissions to allow group and others read-only access with chmod:

$ chmod go+rX /Volumes/Encrypted\ Volume
$ ls -l /Volumes
total 8
drwxr-xr-x   6 gordon  staff        272 Sep 30 11:30 Encrypted Volume
lrwxr-xr-x   1 root    admin          1 Sep 27 17:11 Macintosh HD -> /

It's possible (but unlikely) that individual directories and files inside the volume also have restrictive permissions set, in which case you'll need to adjust them similarly.

Gordon Davisson
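The permission checks from the answer above, generalized as an added example that is not part of the original answer: a POSIX shell script that lists every directory on the way to a document root, and every file or directory inside it, that denies access to the "other" class the answer says `_www` falls into. The function names and the script's argument handling are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original answer. Run it as the volume owner,
# passing the document root as the only argument; exit status 1 means at
# least one blocking path was listed.

# Print the directory $1 and each of its ancestors that lacks other-execute
# (o+x). A process in the "other" class cannot traverse such a directory, so
# everything below it is unreachable whatever its own permissions are.
blocked_ancestors() {
    path=$1
    while :; do
        case $path in /|.|'') break ;; esac
        if [ -d "$path" ] && [ -z "$(find "$path" -prune -perm -001)" ]; then
            printf '%s\n' "$path"
        fi
        path=$(dirname "$path")
    done
}

# Print entries at or below $1 that "other" cannot use: directories need
# read + traverse (o+rx, octal 005), regular files need read (o+r, octal 004).
blocked_inside() {
    find "$1" \( -type d ! -perm -005 -o -type f ! -perm -004 \) -print
}

# Combine both checks for a document root; print the de-duplicated list and
# return 1 if anything blocks access, return 0 if the tree is readable.
audit_docroot() {
    report=$( { blocked_ancestors "$1"; blocked_inside "$1"; } | sort -u )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Only audit when a path was given on the command line.
[ "$#" -eq 0 ] || audit_docroot "$1"
```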