Introduction:
In this tutorial I will explain how to handle file and folder permissions and ownership while working on a Laravel project.
In the current era of development, security is the most valuable part of an application; as a developer you should be very careful when uploading projects to a production server.
Folder permissions are the key point for security. If you miss these steps, your application is an open invitation to hackers; in simple words, it is open to the world if you haven't set proper permissions.
Second, if you are a beginner or at an intermediate stage of Laravel development, this tutorial is going to help you a lot.
I see developers make these mistakes at the beginner level, but no worries: this tutorial will help you stay safe and secure.
Busy and need a quick fix? – All you need to execute in your Laravel application
If you are busy and do not have time to read or follow the entire article, here are the final, overall commands you need to execute on your server:
$ cd /var/www/html/laravel   # this is your project's root directory
$ sudo chown -R $USER:www-data .
$ sudo find . -type f -exec chmod 664 {} \;
$ sudo find . -type d -exec chmod 775 {} \;
$ sudo chgrp -R www-data storage bootstrap/cache
$ sudo chmod -R ug+rwx storage bootstrap/cache
Now you're all secure and your website works. If you want to know what these commands are doing, follow the rest of the article and you will get every detail.
Security Issue:
I often see people upload a Laravel project to a server, and the first error they get is caused by missing file and folder permissions. They then take the quick way out and set the permissions of their files and folders to 777, and as soon as the project starts running they are happy and never worry about the 777 again.
However, this is really bad practice: setting 777 permissions on your project directory means your server is open to the world.
It means anyone who can visit your application can have read, write and execute permission on your server.
In simple words, anyone can read data from your application, write data and execute files, so hackers can easily upload a file, virus or malware and execute it to damage your project and its data.
Wondering how one wrong step impacts the security of your application?
`Always Avoid Setting 777 Permission to your Project`
Let’s fix this issue in the next step:
Set Laravel Files Folders Permission and Ownership:
The first step is to find the web server user, and that is very simple. For Apache it is set to www-data, but do make sure: SSH to your server from a terminal and run the command below:
ps aux | egrep '(apache|httpd)'
You should get output similar to this:
www-data 19484 0.0 6.1 432140 62892 ? S 07:44 0:01 /usr/sbin/apache2 -k start
www-data 19552 0.0 4.5 347716 45808 ? S 07:50 0:01 /usr/sbin/apache2 -k start
www-data 19553 0.0 6.0 426104 61328 ? S 07:50 0:00 /usr/sbin/apache2 -k start
www-data 19566 0.0 5.6 426876 57764 ? S 07:50 0:00 /usr/sbin/apache2 -k start
www-data 19570 0.0 5.6 426312 57160 ? S 07:50 0:00 /usr/sbin/apache2 -k start
www-data 19759 0.0 5.2 426332 53328 ? S 07:59 0:00 /usr/sbin/apache2 -k start
www-data 19760 0.0 4.5 349176 46152 ? S 07:59 0:00 /usr/sbin/apache2 -k start
www-data 20008 0.0 0.8 342060 8912 ? S 08:07 0:00 /usr/sbin/apache2 -k start
root 20120 0.0 0.0 14992 976 pts/0 S+ 08:08 0:00 grep -E --color=auto (apache|httpd)
This output clearly shows that Apache is running as `www-data`, so we have our user.
Change the owner of the project directory to `www-data` using the following command:
sudo chown -R www-data:www-data /var/www/path/your/project/
Example (replace example-project-name with your project directory name):
sudo chown -R www-data:www-data /var/www/example-project-name/
Set folder permissions to 755 and the files of your project to 644:
Folder/Directory Permissions:
sudo find /var/www/example-project-name/ -type d -exec chmod 755 {} \;
Files Permissions:
sudo find /var/www/example-project-name/ -type f -exec chmod 644 {} \;
By setting these permissions and ownership we are telling the server that the web server owns these files and folders and that end-user access is limited to read only, so a user won't be able to write or execute any file on the server.
Now we are safe and secure, but what about the Laravel project itself? If you run your project it will give the same issue, because Laravel still needs read and write access to the `storage` and `bootstrap/cache` folders. Let's fix this.
We can fix this by giving read and write access to web server:
cd /var/www/example-project-name/
sudo chgrp -R www-data storage bootstrap/cache
sudo chmod -R ug+rwx storage bootstrap/cache
Keep in mind to grant this access to any further folders your project requires, for example a directory where you upload images or documents.
You are all good to run your project on the server; if you try to run your Laravel project now, it should work.
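To check the result of the steps above, the following added example (not part of the original tutorial) audits a project tree for world-writable entries and confirms that `storage` and `bootstrap/cache` are writable by the web server group. The function names and the sample tree are constructed for illustration; on a real server pass your project path and `www-data`.

```shell
#!/bin/sh
# Added example (not from the original tutorial): audit a Laravel tree against
# the scheme above. Function names and the sample tree are assumptions.

# List regular files and directories under $1 that "other" can write to
# (the 777/666 mistake). Symlinks are skipped: their mode always reads 777.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# List directories under storage/ and bootstrap/cache/ that the web server
# group ($2) cannot write to: wrong group, or group rwx bits missing.
unwritable_runtime_dirs() {
    for d in storage bootstrap/cache; do
        [ -d "$1/$d" ] || { echo "$1/$d (missing)"; continue; }
        find "$1/$d" -type d \( ! -group "$2" -o ! -perm -0070 \) -print
    done
}

# Return 0 when the tree passes both checks, 1 otherwise; print findings.
audit_laravel_perms() {
    rc=0
    ww=$(world_writable "$1")
    nw=$(unwritable_runtime_dirs "$1" "$2")
    [ -z "$ww" ] || { printf 'world-writable:\n%s\n' "$ww"; rc=1; }
    [ -z "$nw" ] || { printf 'not writable by group %s:\n%s\n' "$2" "$nw"; rc=1; }
    return "$rc"
}

# Constructed sample tree: one leftover 777 directory, one read-only cache dir.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/app" "$t/public/uploads" "$t/storage/logs" "$t/bootstrap/cache"
    touch "$t/app/User.php" "$t/storage/logs/laravel.log"
    chgrp -R "$(id -g)" "$t"           # stand-in for www-data in this demo
    find "$t" -type d -exec chmod 775 {} \;
    find "$t" -type f -exec chmod 664 {} \;
    chmod 777 "$t/public/uploads"      # the "quick fix" the tutorial warns about
    chmod 755 "$t/bootstrap/cache"     # group cannot write: Laravel would fail
    echo "$t"
}

sample=$(make_sample_tree)
audit_laravel_perms "$sample" "$(id -g)" || echo "audit failed for $sample"
rm -rf "$sample"
```

On a server the call would be `audit_laravel_perms /var/www/example-project-name www-data`; a non-zero exit status makes it usable as a deployment gate.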
Hang on, there is still one last step to follow: you will surely need to upload files over FTP or similar, right?
SFTP/FTP Upload Files Permissions:
This step is only for those whose project is under development and who want to keep uploading files using SFTP or FTP. Basically, you need to own the project's files and folders so that you have the right to modify them. Keep in mind that "you" means the user you are going to log in with, e.g. root or ubuntu.
Quick tip:
Do not use SFTP/FTP to manage your application codebase from local to production servers; instead, you can try learning Git.
Simply add your user to the group:
sudo usermod -a -G www-data root
In the above step, root can be replaced by your username on the server; it may be `ubuntu` if you're working on an AWS EC2 instance.
Next, use the following command to change ownership:
sudo chown -R root:www-data /var/www/example-project-name/
And finally, assign file and folder permissions:
sudo find /var/www/example-project-name/ -type f -exec chmod 664 {} \;
sudo find /var/www/example-project-name/ -type d -exec chmod 775 {} \;
Now you are all set and secure to go with your Laravel site, and it is going to be easy for you to work with files and folders.
This post was so useful. I’m an infrastructure guy and couldn’t care less about how a web application runs so long as it does run and it’s secure. This saved me (the entire post is relevant and working on 5.6.5)
The post is very useful. It helped me a lot.
But the last step didn’t work for me: “sudo usermod -a -G www-data root”
My user is the default ubuntu. I am unable to upload my file. I am getting permission errors while uploading the files.
Simply change command to –
sudo usermod -a -G www-data ubuntu
Yes I did, sudo usermod -a -G www-data ubuntu but in Owner/group www-data is coming for both.
Check out the “SFTP/FTP Upload Files Permissions” step newly added to the tutorial, which helps to set up correct file uploading permissions.
Perfect Man! Many thanks.
Now one more issue. I am also using GitHub to deploy my code at server besides sftp.
When I use GitHub pull again it changed my files' owner and group to “ubuntu ubuntu”, but after running the commands you mentioned the group was “ubuntu www-data”.
After running commands from section “SFTP/FTP Upload Files Permissions”
It changed my laravel files permissions to 755 like storage and others.
For the SFTP, why do we need “sudo find /var/www/example-project-name/ -type f -exec chmod 664 {} \;”?
Will it work with the permission 644?