Give apache write access to DocumentRoot on dev server

Question

I've got apache running on my mac workstation (OS X 10.7, with the pre-installed copy of apache), and our web applications require write access to certain sections of the filesystem to run (usually just a tmp dir, but sometimes more than that).

We have (literally) thousands of clients, and I want to be able to quickly grab a copy of any website's code, and have it "just work", however I always need to manually modify the unix permissions of specific directories after pulling a client's website out of source control (the list of directories varies from one client to another, as it has changed over the years).

Since it's a dev server, firewalled off from the general internet, I would like to give apache/php write access to the entire DocumentRoot. How can I do this?

I tried chmod 777 on the DocumentRoot, but if I create a directory inside it, the permissions are still 755 (owner: me, group: wheel).

I think there should be a way to force all files created inside DocumentRoot to be 777 or perhaps 775, with the _www user added to the wheel group?

Abhi Beckert · Answer 1 · 2012-04-08T22:24:40.810

3

I was able to solve this by using ACL's, which supports inherited permissions:

sudo chmod -R +a '_www allow read,write,delete,add_file,add_subdirectory,file_inherit,directory_inherit' /Library/WebServer/Documents

Now, whenever I create a new directory or source control checkout in the DocumentRoot, the _www user has full read/write access.

edited Apr 08 '12 at 22:24

answered Apr 08 '12 at 22:18

Abhi Beckert

200
1
12

score 1 · Answer 2 · answered Apr 08 '12 at 12:30

1

setting your umask to 000 or 002 will give you the 777 or 775 create permissions you're looking for. Problem is, anything you create anywhere will get those permissions. If you're ok with 775, go for it. In not, you could make a mkwebdir command like so:

mkwebdir()
{
  umask 000;
  mkdir "$1";
  umask 022;
}

or even better, if you don't mind a sudo command in there:

mkwebdir()
{
  mkdir "$1" && sudo chown _www "$1"
}

then just do: mkwebdir username

answered Apr 08 '12 at 12:30

jerm

637
3
5

I'm hoping for a more seamless solution than creating a shell script. I don't typically use mkdir to create directories, I typically use subversion or git or my IDE, sometimes I also use `cp -r`. – Abhi Beckert Apr 08 '12 at 21:54

score 0 · Answer 3 · edited Apr 09 '12 at 07:04

0

You could try to use chown _www:wheel docroot and then chmod g+s after that setup umask as you need.

edited Apr 09 '12 at 07:04

Lucas Kauffman

16,880
9
58
93

answered Apr 08 '12 at 11:30

cikuraku

176
7

Give apache write access to DocumentRoot on dev server

3 Answers3