macOS Forbidden 403, You don’t have permission to access /~username/ on this server

December 4, 2018 -

In macOS if your user personal or document web sharing is not working for a user and is generating a Forbidden 403 error but is OK at the other document root localhost level, the issue may be a configuration file for the user.

The higher document root level of http://localhost/ displays “It Works” but when going to the user level, http://localhost/~username/ you get the:

Forbidden 403, You don’t have permission to access /~username/ on this server

Check that you have a “username.conf” filed under:

/etc/apache2/users/

If you don’t, then create one named by the short username of the account with the suffix .conf:

Find your short username by typing in the Terminal

whoami

Change directory into the right directory:

cd /etc/apache2/users

sudo nano username.conf

Check Apache version

httpd -v

For macOS Apache 2.2

Then add the content below swapping in your username:

<Directory "/Users/username/Sites/">
Options Indexes MultiViews FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>

For macOS Apache 2.4

Then add the content below swapping in your username:

<Directory "/Users/username/Sites/">
AllowOverride All
Options Indexes MultiViews FollowSymLinks
Require all granted
</Directory>

Permissions on the file should be:

-rw-r--r--   1 root  wheel  298 Jun 28 16:47 username.conf

Restart apache

 sudo apachectl restart

Then all should be good.

Changing The Apache Web User

One of the frustrations of using the Users/username/Sites folder is the permissions issues with things like updates and authentication.

This is because the default webserver user which runs httpd is known as _www, which will not be the user in your local account. If your machine is only in use by you and the webserver will run only under your account then you can change the user and group values to your name and group, that way there will be less permission errors.

Find and change this in /etc/apache2/httpd.conf