Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to set up file permissions for Laravel?

I'm using Apache Web Server that has the owner set to _www:_www. I never know what is the best practice with file permissions, for example when I create new Laravel 5 project.

Laravel 5 requires /storage folder to be writable. I found plenty of different approaches to make it work and I usually end with making it 777 chmod recursively. I know it's not the best idea though.

The official doc says:

Laravel may require some permissions to be configured: folders within storage and vendor require write access by the web server.

Does it mean that the web server needs access to the storage and vendor folders themselves too or just their current contents?

I assume that what is much better, is changing the owner instead of permissions. I changed all Laravel's files permissions recursively to _www:_www and that made the site work correctly, as if I changed chmod to 777. The problem is that now my text editor asks me for password each time I want to save any file and the same happens if I try to change anything in Finder, like for example copy a file.

What is the correct approach to solve these problems?

  1. Change chmod
  2. Change the owner of the files to match those of the web server and perhaps set the text editor (and Finder?) to skip asking for password, or make them use sudo
  3. Change the owner of the web server to match the os user (I don't know the consequences)
  4. Something else
like image 901
Robo Robok Avatar asked Jun 04 '15 08:06

Robo Robok


People also ask

How do I add permissions to laravel?

It's simple to create a new role or permission because, in Spatie's package, they're just models: Spatie\Permission\Models\Role and Spatie\Permission\Models\Permission . So, this means that if we want to create a new role in our system, we can do something like the following: $role = Role::create(['name' => 'editor']);

How do I change laravel .ENV file permission from 666 to 777?

For Windows, you'll need to right-click on the file, and there's a tab where you can modify the permissions. @anyber, its laravel project. During installation it writes . env file details through installer for this , it is requesting to change permission to 777 , read right and excution.

How do I set permissions to 755?

To set the permission to 755, run the following chmod command. What if the directory contains one or more sub-directories? To apply chmod 755 to all the subsequent files and directories, run chmod in recursive mode. Verify the changes using the ls command.


2 Answers

Just to state the obvious for anyone viewing this discussion.... if you give any of your folders 777 permissions, you are allowing ANYONE to read, write and execute any file in that directory.... what this means is you have given ANYONE (any hacker or malicious person in the entire world) permission to upload ANY file, virus or any other file, and THEN execute that file...

IF YOU ARE SETTING YOUR FOLDER PERMISSIONS TO 777 YOU HAVE OPENED YOUR SERVER TO ANYONE THAT CAN FIND THAT DIRECTORY. Clear enough??? :)

There are basically two ways to setup your ownership and permissions. Either you give yourself ownership or you make the webserver the owner of all files.

Webserver as owner (the way most people do it, and the Laravel doc's way):

assuming www-data (it could be something else) is your webserver user.

sudo chown -R www-data:www-data /path/to/your/laravel/root/directory

if you do that, the webserver owns all the files, and is also the group, and you will have some problems uploading files or working with files via FTP, because your FTP client will be logged in as you, not your webserver, so add your user to the webserver user group:

sudo usermod -a -G www-data ubuntu

Of course, this assumes your webserver is running as www-data (the Homestead default), and your user is ubuntu (it's vagrant if you are using Homestead).

Then you set all your directories to 755 and your files to 644... SET file permissions

sudo find /path/to/your/laravel/root/directory -type f -exec chmod 644 {} \;    

SET directory permissions

sudo find /path/to/your/laravel/root/directory -type d -exec chmod 755 {} \;

Your user as owner

I prefer to own all the directories and files (it makes working with everything much easier), so, go to your laravel root directory:

cd /var/www/html/laravel >> assuming this is your current root directory 
sudo chown -R $USER:www-data .

Then I give both myself and the webserver permissions:

sudo find . -type f -exec chmod 664 {} \;    sudo find . -type d -exec chmod 775 {} \;

Then give the webserver the rights to read and write to storage and cache

Whichever way you set it up, then you need to give read and write permissions to the webserver for storage, cache and any other directories the webserver needs to upload or write too (depending on your situation), so run the commands from bashy above :

sudo chgrp -R www-data storage bootstrap/cache sudo chmod -R ug+rwx storage bootstrap/cache

Now, you're secure and your website works, AND you can work with the files fairly easily

like image 53
bgies Avatar answered Sep 23 '22 00:09

bgies


The permissions for the storage and vendor folders should stay at 775, for obvious security reasons.

However, both your computer and your server Apache need to be able to write in these folders. Ex: when you run commands like php artisan, your computer needs to write in the logs file in storage.

All you need to do is to give ownership of the folders to Apache :

sudo chown -R www-data:www-data /path/to/your/project/vendor sudo chown -R www-data:www-data /path/to/your/project/storage 

Then you need to add your user (referenced by it's username) to the group to which the server Apache belongs. Like so :

sudo usermod -a -G www-data userName 

NOTE: Most frequently, the group name is www-data but in your case, replace it with _www

like image 43
BassMHL Avatar answered Sep 21 '22 00:09

BassMHL