How to set up file permissions for Laravel?
Just to state the obvious for anyone viewing this discussion.... if you give any of your folders 777 permissions, you are allowing ANYONE to read, write and execute any file in that directory.... what this means is you have given ANYONE (any hacker or malicious person in the entire world) permission to upload ANY file, virus or any other file, and THEN execute that file...
IF YOU ARE SETTING YOUR FOLDER PERMISSIONS TO 777 YOU HAVE OPENED YOUR
SERVER TO ANYONE THAT CAN FIND THAT DIRECTORY. Clear enough??? :)
There are basically two ways to setup your ownership and permissions. Either you give yourself ownership or you make the webserver the owner of all files.
Webserver as owner (the way most people do it, and the Laravel doc's way):
assuming www-data (it could be something else) is your webserver user.
sudo chown -R www-data:www-data /path/to/your/laravel/root/directory
if you do that, the webserver owns all the files, and is also the group, and you will have some problems uploading files or working with files via FTP, because your FTP client will be logged in as you, not your webserver, so add your user to the webserver user group:
sudo usermod -a -G www-data ubuntu
Of course, this assumes your webserver is running as www-data (the Homestead default), and your user is ubuntu (it's vagrant if you are using Homestead).
Then you set all your directories to 755 and your files to 644...
SET file permissions
sudo find /path/to/your/laravel/root/directory -type f -exec chmod 644 {} \;
SET directory permissions
sudo find /path/to/your/laravel/root/directory -type d -exec chmod 755 {} \;
Your user as owner
I prefer to own all the directories and files (it makes working with everything much easier), so, go to your laravel root directory:
cd /var/www/html/laravel >> assuming this is your current root directory
sudo chown -R $USER:www-data .
Then I give both myself and the webserver permissions:
sudo find . -type f -exec chmod 664 {} \;
sudo find . -type d -exec chmod 775 {} \;
Then give the webserver the rights to read and write to storage and cache
Whichever way you set it up, then you need to give read and write permissions to the webserver for storage, cache and any other directories the webserver needs to upload or write too (depending on your situation), so run the commands from bashy above :
sudo chgrp -R www-data storage bootstrap/cache
sudo chmod -R ug+rwx storage bootstrap/cache
Now, you're secure and your website works, AND you can work with the files fairly easily
How to setup laravel file permission once and for all
Option 1 add www-data group to my-user:
sudo adduser www-data my-user
Option 2 change user of php-fpm into my-user (ref):
find options user and group in www.conf, and change it into [my-user] group=mygroup
Set Laravel storage permission to 777?
Here is the best solution that I found.
Step 1: chown the root directory:
sudo chown -R www-data:www-data /path/to/root
Step 2: Grant FTP for uploading and working with files (for using any FTP client):
sudo usermod -a -G www-data ubuntu
Step 3: Set file permission to 644:
sudo find /path/to/root -type f -exec chmod 644 {} \;
Step 4: Set directory permission to 755:
sudo find /path/to/root -type d -exec chmod 755 {} \;
Step 5: Give rights for web server to read and write storage and cache
sudo chgrp -R www-data storage bootstrap/cache
sudo chmod -R ug+rwx storage bootstrap/cache
Source: https://vijayasankarn.wordpress.com/2017/02/04/securely-setting-file-permissions-for-laravel-framework/
Correct permission for Laravel folders on server
These permissions should be set to 770
on the storage folder.
This will allow the owner of the directory (ideally the maintenance web admin) read/write/execute. And it will allow the web group (ideally the group that the maintenance web-admin and the web server user are both in) to have read/write/execute permission. The 0 means that other users have no permissions in the directory. The directory should be owned by the maintenance web admin, with it's ownership group set to the web group.
Example
chown -R mywebadmin:www-data /var/www/html/mysite.com/
chmod -R 750 /var/www/html/mysite.com/
chmod -R 770 /var/www/html/mysite.com/storage
Result
- /var/www/html/mysite.com - Owned by
mywebadmin
, Group iswww-data
- Owner can write/read/execute
- Group can read/execute
- Others can do nothing
- /var/www/html/mysite.com/storage - Owned by
mywebadmin
, Group iswww-data
- Owner can write/read/execute
- Group can write/read/execute
- Others can do nothing
There is a useful tool for generating these permissions if you have a hard time remembering them.
Note: It is extremely dangerous to have write access for the web user in the directory. A better option would be creating a PHP script that changes it's headers for
Content-Type
toapplication/octet-stream
and having the PHP script generate the file it needs interanally without writing to the file system.
Laravel proper permissions
This will work, as777
is a security risk
sudo chmod -R o+w storage/
sudo chmod -R 775 storage/
Related Topics
Is There a Use-Case For Singletons With Database Access in PHP
Send Email With PHP from HTML Form on Submit With the Same Script
PHP MySQLi_Connect: Authentication Method Unknown to the Client [Caching_Sha2_Password]
How to Create Custom Helper Functions in Laravel
How to Read If a Checkbox Is Checked in PHP
Replace Urls in Text With HTML Links
Delimiter Must Not Be Alphanumeric or Backslash and Preg_Match
Get $_Post from Multiple Checkboxes
What Is the Size Limit of a Post Request
What's Wrong With Using $_Request[]