I had been running an Apache webserver under OS X El Capitan on my MacBook Pro laptop. After an upgrade on the laptop, now running OS X El Capitan (10.11.6), when I tried accessing the site via http://localhost, I saw a page with the title "403 Forbidden" and the following text displayed on the page:
You don't have permission to access / on this server.
When I had encountered the problem on another system once before, I had changed the file permissions on the user account on that system to provide search access for all accounts on the system. So I tried that again from a Terminal window to see if it made a difference:
$ ls -ld /Users/jasmith1
drwx------+ 34 jasmith1 1286109195 1156 Feb 18 20:40 /Users/jasmith1
$ chmod ga+x /Users/jasmith1
$ ls -ld /Users/jasmith1
drwx--x--x+ 34 jasmith1 1286109195 1156 Feb 18 21:08 /Users/jasmith1
$
I refreshed the page in the Firefox browser and I then had access to the website I created on the laptop. I'm the only user of the laptop, so I wasn't concerned about granting "execute" access for the directory to all accounts on the system. For directories, "execute permission allows the directory to be entered and used in a pathname."1
The document root of the website is under /Users/jasmith1/Documents/www. The subdirectories in that path already had execute permission set for them.
$ ls -ld /Users/jasmith1/Documents
drwxr-xr-x+ 56 jasmith1 1286109195 1904 Feb 7 20:29 /Users/jasmith1/Documents
$ ls -ld /Users/jasmith1/Documents/www
drwxr-xr-x 15 jasmith1 1286109195 510 Dec 15 15:36 /Users/jasmith1/Documents/www
$
However, the next morning when I tried accessing localhost I again had the prior problem when I refreshed the page. I checked the permissions on the home directory for my account and found they had been reset to what they had been previously:
$ ls -ld ~
drwx------+ 34 jasmith1 1286109195 1156 Feb 19 11:49 /Users/jasmith1
$
So I then tried changing the permissions through the OS X Finder file manager. In the Finder, I clicked on Go and then chose Home.
I then clicked on File and chose Get Info.
I clicked on the arrowhead to the left of "Sharing & Permissions" to see the current folder permissions. The setting for "everyone" was "No access." I then clicked on "No Access" next to "everyone" and changed the selection from "No Access" to "Read & Write".
I closed the Info window and refreshed the browser tab for http://localhost. I was then able to access the files served by Apache. The file permissions for my home directory were then as follows:
$ ls -ld ~
drwx---rwx+ 36 jasmith1 1286109195 1224 Feb 27 16:08 /Users/jasmith1
$
When I tried accessing the homepage 4 hours and 5 minutes later, though, the permissions had reverted to what they had been previously.
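Both the chmod and the Finder change above adjust the "other" permission bits on the home directory. The following is an added example, not part of the original post: a hypothetical audit_path function that walks from the document root up to / and flags each directory that other accounts cannot search, as well as any that is world-writable (the drwx---rwx result above). It assumes the web server account is neither the owner nor in the group of each directory, and it reads only the mode string from ls -ld, so ACL entries (the trailing "+") are not evaluated.

```shell
#!/bin/sh
# Added example (not from the original post). audit_path is a hypothetical
# helper name. It inspects only the "other" permission triplet reported by
# `ls -ld`; ACLs and group membership are not taken into account.

# Print one line per finding for $1 and every ancestor directory up to /:
#   no-search <mode> <dir>       others cannot traverse this directory
#   world-writable <mode> <dir>  others can create or delete entries in it
audit_path() {
    dir=$1
    # Make relative paths absolute so the walk always terminates at /.
    case $dir in /*) ;; *) dir=$PWD/$dir ;; esac
    while :; do
        mode=$(ls -ld "$dir" | cut -c1-10)
        other=$(printf '%s' "$mode" | cut -c8-10)
        # Third character of the triplet: x, or t (sticky bit plus x),
        # means the directory can be used in a pathname by other accounts.
        case $other in
            ??[xt]) ;;
            *) printf 'no-search %s %s\n' "$mode" "$dir" ;;
        esac
        # Second character w: any account can modify the directory.
        case $other in
            ?w?) printf 'world-writable %s %s\n' "$mode" "$dir" ;;
        esac
        if [ "$dir" = "/" ]; then break; fi
        dir=$(dirname "$dir")
    done
}

# When run as a script with a path argument, audit that path.
[ $# -eq 0 ] || audit_path "$1"
```

Run against the document root, a home directory at drwx------ shows up as a no-search line, which is the condition behind the 403 response.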
Another option to deal with permissions issues for Apache, if you only have one account on a system that needs to run a web server, is to change the account under which Apache runs on the system. On an OS X system, Apache runs under the _www account. But you can have it run under another account by editing Apache's configuration file /etc/apache2/httpd.conf, if you have administrative level privileges on the system that will allow you to edit that file. In the file you will see the following section:
<IfModule unixd_module>
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
User _www
Group _www
</IfModule>
You can see that Apache is running under the _www account by using the ps command below.
$ ps -Af | grep httpd | grep -v grep
0 97 1 0 10:57AM ?? 0:01.79 /usr/sbin/httpd -D FOREGROUND
70 526 97 0 10:57AM ?? 0:00.05 /usr/sbin/httpd -D FOREGROUND
70 4780 97 0 11:13AM ?? 0:00.02 /usr/sbin/httpd -D FOREGROUND
70 21878 97 0 5:24PM ?? 0:00.01 /usr/sbin/httpd -D FOREGROUND
70 21880 97 0 5:24PM ?? 0:00.00 /usr/sbin/httpd -D FOREGROUND
70 21881 97 0 5:24PM ?? 0:00.01 /usr/sbin/httpd -D FOREGROUND
70 21882 97 0 5:24PM ?? 0:00.01 /usr/sbin/httpd -D FOREGROUND
70 21883 97 0 5:24PM ?? 0:00.00 /usr/sbin/httpd -D FOREGROUND
70 21884 97 0 5:24PM ?? 0:00.00 /usr/sbin/httpd -D FOREGROUND
70 21885 97 0 5:24PM ?? 0:00.00 /usr/sbin/httpd -D FOREGROUND
$
The first column is the userid (UID). I can see that the UID of 70 is the UID of the _www account by looking for "70" in the /etc/passwd file.
$ grep 70 /etc/passwd
_www:*:70:70:World Wide Web Server:/Library/WebServer:/usr/bin/false
$
To run the Apache software under your account you can change the value for User to be the "shortname" for your account. If you don't know the shortname, you can open a Terminal window and issue the whoami or id -p commands. E.g.:
$ whoami
jasmith1
$ id -p
uid jasmith1
groups 513 access_bpf com.apple.sharepoint.group.1 everyone staff netaccounts _appserverusr admin _appserveradm _lpadmin _appstore _lpoperator _developer com.apple.access_ftp com.apple.access_screensharing com.apple.access_ssh
$
To run Apache under your account, replace the value for User with the shortname for your account and put staff as the value for Group in /etc/apache2/httpd.conf. E.g.:
User jasmith1
Group staff
After I restarted the Apache webserver software, I was again able to access webpages I had created through the Apache server software by putting http://localhost in a browser's address bar.