Problem
I’m using Apache Web Server that has the folder owner set to _www:_www. I keep forgetting about the best practice when it comes to file permissions, for example when I create a new Laravel 5 project.
Does this mean that Apache needs access to the storage and vendor folders as well or just their current contents?
Laravel 5 requires /storage folder to be writable. Despite not being the best idea, I have been setting the 777 permission for the folder
The official documentation says:
Laravel may require some permissions to be configured: folders within storage and vendor require write access by the web server.
I understand that it might be a lot better if I would just change the owner instead of the permissions.
But now I am having issues with my editor, always asking me for passwords whenever I want to save a file.
What would be the best way of solving these issues ?
Solution
Before giving the final answer, I just want to state the obvious. If you want to give any folder a 777 permission, you are pretty much-inviting everyone to read, write, and execute files in that directory.
There are basically two ways to set up your ownership and permissions:
- Give yourself ownership
- Make the webserver the owner of all files.
The second is how most people do and that’s what Laravel suggests.
assuming www-data is your web server user, you can run:
sudo chown -R www-data:www-data /path/to/your/laravel-directoryAnd this is good, because your webserver will own files and can execute. The bad part is that your logged in user (either via FTP or SSH) will probably be a different user so what you want to do is to add this user to the webserver group:sudo usermod -a -G www-data ubuntu
Of course, this assumes your webserver is running as www-data (the Homestead default), and your user is ubuntu (it’s vagrant if you are using Homestead).
Then, a good practice is to set all your directories to 755 and all of your files to 644… SET file permissions using the following command:
sudo find /path/to/your/laravel-directory -type f -exec chmod 644 {} \\;SET directory permissions:
sudo find /path/to/your/laravel-directory -type d -exec chmod 755 {} \\;Your user as owner
What I prefer is to own all the directories and files I am working with (it makes working with everything much easier), so I do:sudo chown -R my-user:www-data /path/to/your/laravel-directory
Then I can just give these permissions to myself and the webserver user:
sudo find /path/to/your/laravel-directory -type f -exec chmod 664 {} \\;sudo find /path/to/your/laravel-directory -type d -exec chmod 775 {} \\;One thing you don’t want to forget is to give the webserver access to read and write files in the cache folder
Your webserver will need to upload and store data as well so make sure you give the permissions for the storage folder as well:
sudo chgrp -R www-data storage bootstrap/cache
sudo chmod -R ug+rwx storage bootstrap/cache