Apple FileVault and Apache HTTP Server

26 April, 2008 (08:57) | Apple, Security, UNIX

Last night before heading off to bed I decided to try Apple’s FileVault encryption on my MacBook Pro in an attempt to protect the data in my laptop’s home directory. Setup was simple and painless, and this morning I was presented with a login screen to allow me to log in to my freshly encrypted home drive.

I logged in and proceeded to check everything was working as it should, and it appeared so, until I tried my Apache web server.

I was unable to view websites hosted on the machine, particularly the development version of the VortexDVD website, a copy of which I run on my laptop.

I did some simple troubleshooting and couldn’t immediately see the issue. Apple sets up an encrypted ‘sparse disk image’ and copies your home directory contents into this. On login, it mounts the disk image as your home drive. There didn’t seem to be any changes to the path once logged in so I wasn’t immediately sure why my Apache server was failing on sites hosted in my home directory.

A quick Google revealed why: when you set up FileVault the home directory mount point permissions are changed to 700 (rwx------) which explains it. You could fix the problem by giving ‘other’ execute access to the directory but that would go against the whole idea of running FileVault in the first place! Instead, you need to use the ACLs built into Leopard (and Tiger) to just allow the Apache process access to your home directory.

According to Mac OS X Hints you can give access to Apache (well, you actually give the access to a specific user) by issuing:

chmod +a "www allow search" /Users/username

which certainly worked for me. Before you issue the command, check which user your Apache server runs as by opening /etc/apache2/httpd.conf in a text editor and looking for the ‘User’ directive. The linked article above suggests that on Leopard the Apache process runs as the user ‘_www’, but this wasn’t the case for me. I’m running 10.5.2 and the user was most definitely ‘www’ rather than ‘_www’ as suggested.
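
The check described above, as an added example rather than code from the original post: a shell script that reads the ‘User’ directive from an Apache config and builds the matching chmod +a command instead of assuming ‘www’ or ‘_www’. The function names and the sample config are constructed for illustration; with two arguments (config file, home directory) it applies the ACL and lists the result.

```shell
#!/bin/sh
# Added example (not from the original post). Reads the run-as user from an
# Apache config and builds the ACL command for a FileVault home directory.

# Print the last active User directive; fail if there is none. Commented
# lines are skipped: their first field is "#" or "#User", never "user".
apache_user() {
    awk 'tolower($1) == "user" && NF >= 2 { u = $2 }
         END { gsub(/"/, "", u); if (u == "") exit 1; print u }' "$1"
}

# Build the chmod command that grants only directory traversal ("search"),
# leaving the 700 mode bits on the home directory untouched.
acl_command() {  # $1 = user, $2 = home directory
    printf 'chmod +a "%s allow search" "%s"\n' "$1" "$2"
}

# Apply the ACL and list it; only meaningful on Mac OS X.
grant_search() {  # $1 = config file, $2 = home directory
    user=$(apache_user "$1") || { echo "no User directive in $1" >&2; return 1; }
    id "$user" >/dev/null 2>&1 || { echo "no such account: $user" >&2; return 1; }
    chmod +a "$user allow search" "$2" && ls -lde "$2"
}

if [ "$#" -eq 2 ]; then
    grant_search "$1" "$2"
else
    # Constructed sample config, used when no arguments are given.
    sample=$(mktemp)
    cat > "$sample" <<'EOF'
# User _www
<IfModule !mpm_netware_module>
User www
Group www
</IfModule>
EOF
    acl_command "$(apache_user "$sample")" "/Users/username"
    rm -f "$sample"
fi
```
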

Comments

Pingback from mod_rails and apache on OS X Leopard | tekin.co.uk
Date: June 2, 2008, 6:28 pm

[...] If you’re running FileVault, you might have a bit of fiddling to do with your file permissions. [...]
