Archive for the ‘ Snow Leopard ’ Category

Using Access Control List for web-development

Who doesn’t know that situation? You’re implementing a feature (e.g.: a file upload :-P) in whatever language you like and when you test it it fails because the web server has no permissions whatsoever to write to that directory. Bummer!

There are quite a few different ways to handle that: chmod 777, chown -R webServer, run the web server as you, suEXEC… but they all bring their own bunch of problems with them (which I won’t pursue in-depth now). The imho most elegant solution are Access Control Lists. With ACLs you get everything you need and when done properly, will render permission problems a thing of the past.

The following commands do basically the same just on two different operating systems. They grant the web-server user (_www/www-data) and me (pubmem) all rights in the directory foo and it’s subdirectories and set default ACL rights that future files/directories will inherit. The last commands (ls and getfacl respectively) allow you to review the ACLs set. For further information regarding the flags RTM. 😉
OS X (10.6):

chmod -R +a 'pubmem allow read,write,delete,add_file,add_subdirectory,file_inherit,directory_inherit' foo
chmod -R +a '_www allow read,write,delete,add_file,add_subdirectory,file_inherit,directory_inherit' foo
ls -led foo

Ubuntu 10.04:

setfacl -R -m u:www-data:rwx,d:u:www-data:rwx,u:pubmem:rwx,d:u:pubmem:rwx foo
getfacl foo


Flash EFI firmware update manually on a Mac(Book 5,1)

So, you find yourself in the need to flash an EFI update by hand on a mac??  That’s awesome, I was in the same situation! My story is quite funny, it all started….nah, just kidding! First things first, I’ll tell you my story afterwards. 😉 Continue reading

Append apache to www user on Mac OS X 10.6

As a vivid user of Gentoo Prefix I normally don’t mind getting my hands dirty. 😉
But from time to time, when I install or update apache, I forget to change Gentoo’s default “apache” user to OS X’s “www”. And then I wonder why apache does not start anymore. 😦

But thanks to a colleague of mine and dscl, the Directory Service (aka Apple’s LDAP implementation) command line utility integrated in 10.6, this will come to an end:

# Add apache to the system default web-server user
sudo dscl . -append /Users/www RecordName apache

# And don't forget the group
sudo dscl . -append /Groups/www RecordName apache

# It succeeds without feedback, so better check it ^^
sudo dscl . -read /Users/www
sudo dscl . -read /Groups/www

Awesome! Now I don’t have to alter httpd.conf, watch dispatch-conf closely after upgrading apache or alter some obscure webapp-config files anymore because they can’t find the apache user! 😉


  • man(8) dscl