IF YOU ARE SETTING YOUR FOLDER PERMISSIONS TO 777 YOU HAVE OPENED YOUR SERVER TO ANYONE THAT CAN FIND THAT DIRECTORY.
There are basically two ways to setup your ownership and permissions. Either you give yourself ownership or you make the webserver the owner of all files.
Webserver as owner (Laravel doc’s way):
assuming www-data is your webserver user.
sudo chown -R www-data:www-data /path/laravel/root/directory
if you do that, the web-server owns all the files, and is also the group, and you will have some problems uploading files or working with files via FTP, because your FTP client will be logged in as you, not your web-server, so add your user to the web-server user group:
sudo usermod -a -G www-data ubuntu
Of course, this assumes your web-server is running as www-data (the Homestead default), and your user is ubuntu (its vagrant if you are using Homestead).
Then you set all your directories to 755 and your files to 644
sudo find /path/laravel/root/directory -type f -exec chmod 644 {} \;
sudo find /path/laravel/root/directory -type d -exec chmod 755 {} \;
Your user as owner
I prefer to own all the directories and files:
sudo chown -R my-user:www-data /path/laravel/root/directory
Then give both myself and the web-server permissions:
sudo find /path/laravel/root/directory -type f -exec chmod 664 {} \;
sudo find /path/laravel/root/directory -type d -exec chmod 775 {} \;
After give the web-server the rights to read and write to storage and cache
Whichever way you set it up, then you need to give read and write permissions to the web-server for storage, cache and any other directories the web-server needs to upload or write too , so run the commands from above :
sudo chgrp -R www-data storage bootstrap/cache sudo chmod -R ug+rwx storage bootstrap/cache
Now, you’re secure and your website works.
More info:
Leave A Comment?