Symptom: Apache complained when I tried to start it
$ apachectl start
(13)Permission denied: AH00091: httpd: could not open error log file /usr/local/var/log/httpd/error_log.
AH00015: Unable to open logs
Cause: no permission on Apache's log files
$ ls -l /usr/local/var/log/httpd/
total 16
-rw-r--r-- 1 root admin 1132 12 10 23:55 access_log
-rw-r--r-- 1 root admin 1358 12 10 23:53 error_log
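Fix: change the owner of the whole Apache log folder
Until now I would have just set it to 777, but after looking into it that seems to be wrong... right, that's just normal security.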
Most users will want to be able to modify their content without being root. The easiest way to achieve this is through the use of Unix Groups; you create a group to which you add your content editing user, then you add the httpd user to that group.
Note that this doesn't easily extend to more than one user who needs to edit the files, since at that point you need to set Group write on the files. One would need to use ACLs to achieve this.
FileSystemPermissions - Httpd Wiki
# Check which user Apache runs as
$ cat /usr/local/etc/httpd/httpd.conf
#<omitted>
<IfModule unixd_module>
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
User _www
Group _www
</IfModule>
#<omitted>
# I wanted to create a group called "apache", so check that the name is not already in use and find a free GID
$ dscl . -list /Groups PrimaryGroupID | sort -k 2 -n
nobody -2
#<omitted>
# Create the group
$ sudo dscl . -create /Groups/apache PrimaryGroupID 531
# Add the users to the group
$ sudo dscl . -append /Groups/apache GroupMembership _www
$ sudo dscl . -append /Groups/apache GroupMembership {me}
# Check the result
$ sudo dscl . -read /Groups/apache
dsAttrTypeNative:record_daemon_version: 4850000
AppleMetaNodeLocation: /Local/Default
GeneratedUID: 4CFDE893-A9F2-4985-B1CC-8F7EA3812324
GroupMembership: _www {me}
PrimaryGroupID: 531
RecordName: apache
RecordType: dsRecTypeStandard:Groups
# Change the owner
$ sudo chown -R {me}:apache /usr/local/var/log/httpd/
Password:
$ ls -l /usr/local/var/log/httpd/
total 16
-rw-r--r-- 1 {me} apache 1132 12 10 23:55 access_log
-rw-r--r-- 1 {me} apache 1358 12 10 23:53 error_log
# And it started successfully
$ apachectl start
$
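To confirm the result, and to catch the 777 shortcut mentioned above, a check like the following can be run against the log directory. This is an added example, not part of the original post; the function name audit_log_dir is hypothetical, and the path and group in the usage comment are the ones used above.

```shell
#!/bin/sh
# Added example (not from the original post): audit an httpd log directory.
# Assumption: the directory and the expected group are passed as arguments.

# Print every entry under DIR that is world-writable (the "777" shortcut)
# or that does not belong to GROUP.
# Returns 0 when clean, 1 when something was found, 2 on a usage/lookup error.
audit_log_dir() {
    dir=$1
    group=$2
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    # -perm -0002 matches any mode with the "other: write" bit set.
    # Symlinks are skipped because their own mode bits are not meaningful.
    loose=$(find "$dir" ! -type l -perm -0002 -print) || return 2

    # ! -group matches entries owned by any other group. GROUP may be a name
    # or a numeric GID; find fails if the group does not exist, which is
    # reported as an error instead of a clean result.
    stray=$(find "$dir" ! -type l ! -group "$group" -print) || return 2

    found=0
    if [ -n "$loose" ]; then
        printf 'world-writable:\n%s\n' "$loose"
        found=1
    fi
    if [ -n "$stray" ]; then
        printf 'not in group %s:\n%s\n' "$group" "$stray"
        found=1
    fi
    return $found
}

# Usage with the values from this post:
#   audit_log_dir /usr/local/var/log/httpd apache
```

A non-zero exit status means at least one entry needs attention, so the function can also be used in a scheduled check.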