Apache Webserver - How to Write to Dir/Files with Permissions Set at 755 Instead of 777

Apache Webserver - How to write to dir/files with permissions set at 755 instead of 777

You probably can't achieve this because the owner of the file is different than the user trying to perform an action on the file.

the permissions are:

owner-group-everyone

rwx-rwx-rwx

i.e.  111 = 7 which allows read/write and execute.  
101 = 5 which is just read and execute

you can't write to the file because your logged in user isn't part of the owner/group that has access to the file.

the final 7 (i.e. rwx-rwx-111(7)) means that globally, everyone has read/write access to that file.

how to fix this
In Linux, you can use the chown or chgrp command to achieve your desired results.

How to set up file permissions for Laravel?

Just to state the obvious for anyone viewing this discussion.... if you give any of your folders 777 permissions, you are allowing ANYONE to read, write and execute any file in that directory.... what this means is you have given ANYONE (any hacker or malicious person in the entire world) permission to upload ANY file, virus or any other file, and THEN execute that file...

IF YOU ARE SETTING YOUR FOLDER PERMISSIONS TO 777 YOU HAVE OPENED YOUR
SERVER TO ANYONE THAT CAN FIND THAT DIRECTORY. Clear enough??? :)

There are basically two ways to setup your ownership and permissions. Either you give yourself ownership or you make the webserver the owner of all files.

Webserver as owner (the way most people do it, and the Laravel doc's way):

assuming www-data (it could be something else) is your webserver user.

sudo chown -R www-data:www-data /path/to/your/laravel/root/directory

if you do that, the webserver owns all the files, and is also the group, and you will have some problems uploading files or working with files via FTP, because your FTP client will be logged in as you, not your webserver, so add your user to the webserver user group:

sudo usermod -a -G www-data ubuntu

Of course, this assumes your webserver is running as www-data (the Homestead default), and your user is ubuntu (it's vagrant if you are using Homestead).

Then you set all your directories to 755 and your files to 644...
SET file permissions

sudo find /path/to/your/laravel/root/directory -type f -exec chmod 644 {} \;    

SET directory permissions

sudo find /path/to/your/laravel/root/directory -type d -exec chmod 755 {} \;

Your user as owner

I prefer to own all the directories and files (it makes working with everything much easier), so, go to your laravel root directory:

cd /var/www/html/laravel >> assuming this is your current root directory

sudo chown -R $USER:www-data .

Then I give both myself and the webserver permissions:

sudo find . -type f -exec chmod 664 {} \;   
sudo find . -type d -exec chmod 775 {} \;

Then give the webserver the rights to read and write to storage and cache

Whichever way you set it up, then you need to give read and write permissions to the webserver for storage, cache and any other directories the webserver needs to upload or write too (depending on your situation), so run the commands from bashy above :

sudo chgrp -R www-data storage bootstrap/cache
sudo chmod -R ug+rwx storage bootstrap/cache

Now, you're secure and your website works, AND you can work with the files fairly easily

Permissions set to 777 and file still not writeable

I guess Apache runs as a different user/group than the user/group owning the file. In which case, the file itself needs to be 0777.

public only needs to be 0777 if you plan on adding files to the folder using PHP. Even if the folder itself is not 0777, if the file is and the folder has at least 5 for the user (read/execute), you should be able to write to the file.

In the end, your file tree should look like this:

public_html
    public
        file.txt  0777

Naturally, you won't be able to change those permissions using PHP, but you can do so from your FTP client.

If it still isn't working, PHP might be running in safe mode or you might be using an extension such as PHP Suhosin. You might get better result changing the owner of the file to the same user/group that is running the script.

To get the user/group id of the executing user, you may use the following:

<?php
echo getmyuid().':'.getmygid(); //ex:. 0:0
?>

Then, you may use chown (in the terminal) to change the owner of the file:

> chown 0:0 file.txt

How to set read/write permissions in Apache on a Windows computer

In Windows, access to directories/folders is set by right clicking the directory, and reading through the selections provided by the various tabs to set access and specific uses of the directory. Its not as fine-grained as CHMOD, but it was good enough for my purposes at the moment.

Apache permissions, PHP file create, MKDir fail

Please stop suggesting to use 777. You're making your file writeable by everyone, which pretty much means you lose all security that the permission system was designed for. If you suggest this, think about the consequences it may have on a poorly configured webserver: it would become incredibly easy to "hack" the website, by overwriting the files. So, don't.

Michael: there's a perfectly viable reason why your script can't create the directory, the user running PHP (that might be different from Apache) simply doesn't have sufficient permissions to do so. Instead of changing the permissions, I think you should solve the underlying problem, meaning your files have the wrong owner, or Apache or PHP is running under the wrong user.

Now, it seems like you have your own server installed. You can determine which user is running PHP by running a simple script that calls the 'whoami' program installed in most linuxes:

<?php
echo `whoami`;

If all is right, you should see the username PHP is running under. Depending on your OS, this might be 'www-data', 'nobody', 'http', or any variation. If your website is the only website running, this is easy to change by changing the user Apache runs under. If you have Debian, like I tend to, you can edit the file /etc/apache2/envvars (as root), and change the value for APACHE_RUN_USER. Depending on your OS, this variable might be set in a different configuration file, so if you can't find it in /etc/apache2/envvars, try to search for the variable declaration by using:

$ grep -R "APACHE_RUN_USER=" .

From the directory all apache-config files are in.

If you're not the only one on the server, you might want to consider creating user accounts for every website, and using something like Apache2-MPM-ITK to change the RUN_USER depending on which website is called. Also, make sure that the user the PHP process is running under is the owner of the files, and the directories. You can accomplish that by using chown:

% chown theuser:theuser -R /var/www/website/

If PHP is running with it's own user, and is the owner of the files and directories it needs to write in, the permission 700 would be enough. I tend to use 750 for most files myself though, as I generally have multiple users in that group, and they can have reading permissions. So, you can change the permissions:

% chmod 0750 -R /var/www/website/

That should be it. If you having issues, let us know, and please don't ever take up any advice that essentially tells you: if security is bothering you, remove the security.

Permission denied writing to one directory, but not the other -- both have same owner/group/755

Since you are using CentOS and and you've tried everything else, my guess would be something related to SELinux. One of the answers from this question may be helpful Forbidden You don't have permission to access on this server. Centos 6 / Laravel 4

Specifically try this to analyze SELinux permissions (ls -lZ) and temporarily disable SELinux:

If you're using CentOS it could be an issue with selinux. Check to see if selinux is enabled with 'sestatus'. If it is enabled, you can check to see if that is the issue (temporarily) using 'sudo setenforce 0'. If apache can serve the site, then you just need to change the context of the files recursively using 'sudo chcon -R -t httpd_sys_content_t' (you can check the existing context using 'ls -Z'.

---

Related Topics