Files Folders Permission and Ownership:

Deploying a Laravel application to a production environment can be challenging at times. So, in this post, we will discuss how to deal with files folders permission and ownership problems.

Every developer wants his/her application to be setup in a secure environment when deploying it to a production server. One key area you should look at is the folder permissions because that could be the simple point of failure. Making the application venerable to hackers.

Security Issue: Files and Folders Permission

The first error you might get is due to improper file and folder permissions. Because of that most people quickly set their files and folders permission to 777 on the production server.

However, it is a bad practice to set your files and folders directory permission to 777, because that makes your server open to the world.

That approach makes it possible for anyone using the application to have read, write and execute permission on your production server.

Simply, anyone can read, write and execute files using your application. So, hackers can upload malicious files that damage your project.

Therefore, always avoid setting 777 Permission for your files and folders.

Setting Files Folders Permission and Ownership for Laravel 5:

Firstly, find the web server user, for apache it is www-data. But use the following command to check:

ps aux | egrep '(apache|httpd)'

The output should be similar to this:

root@new:/var/www/html# ps aux | egrep '(apache|httpd)'
root      1759  0.0  0.1 503792 49164 ?        Ss   Aug10   0:09 /usr/sbin/apache2 -k start
root     17344  0.0  0.0  13136   988 pts/0    S+   15:46   0:00 grep -E --color=auto (apache|httpd)
www-data 41090  0.0  0.2 522396 75612 ?        S    14:09   0:01 /usr/sbin/apache2 -k start
www-data 41185  0.0  0.2 516140 68920 ?        S    14:11   0:01 /usr/sbin/apache2 -k start
www-data 41805  0.0  0.2 522584 80692 ?        S    14:27   0:01 /usr/sbin/apache2 -k start
www-data 42333  0.0  0.2 524240 65612 ?        S    14:39   0:00 /usr/sbin/apache2 -k start
www-data 42890  0.0  0.2 524296 80380 ?        S    14:54   0:00 /usr/sbin/apache2 -k start
www-data 43618  0.0  0.2 526288 69388 ?        S    15:09   0:00 /usr/sbin/apache2 -k start
www-data 43619  0.0  0.2 522304 76708 ?        S    15:09   0:00 /usr/sbin/apache2 -k start
www-data 43620  0.0  0.2 522492 73348 ?        S    15:09   0:00 /usr/sbin/apache2 -k start
www-data 43891  0.0  0.1 513680 59224 ?        S    15:17   0:00 /usr/sbin/apache2 -k start
www-data 43941  0.0  0.1 513644 54344 ?        S    15:18   0:00 /usr/sbin/apache2 -k start

From the output, apache user is www-data.

Now, change the owner of the project directory to www-data using the following command:

sudo chown -R www-data:www-data /var/www/path/to/your/project/

Note: you must specify the path to the project directory

Set Folders permissions to 755 and file of your project to 644:

Files and Folders/Directories Permission:

Setting Folders/Directories Permission

The appropriate permissions to be given to your folders or directories is 755. The command below set the folder permissions for your project to 755:

sudo find /var/www/path/to/your/project/ -type d -exec chmod 755 {} \;

Setting Files Permissions:

The appropriate permissions for your files should be 644. Use the following command to set the file permissions for your project to 644:

sudo find /var/www/path/to/your/project/ -type f -exec chmod 664 {} \;

Giving the appropriate permissions and ownership to your project folders and files limit the end user’s permission to read-only and cannot write and execute malicious files on the production server.

Even though we have secure the files and folders Laravel still needs read-write permission to the storage and the cache folder.

Use the following commands to fix the read-write permission:

sudo chgrp -R www-data /var/www/path/to/your/project/storage /var/www/path/to/your/project/bootstrap/cache
sudo chmod -R ug+rwx /var/www/path/to/your/project/storage /var/www/path/to/your/project/bootstrap/cache

You can assign the same permission to your file upload directory as well.

Setting Permissions for SFTP/FTP Upload Files:

Add your user to the group using the following command:

sudo usermod -a -G www-data yourusername

Now change the ownership using the following command:

sudo chown -R root:www-data /var/www/path/to/your/project/

Finally, assign files and folder permissions using the following command:

sudo find /var/www/path/to/your/project/ -type f -exec chmod 664 {} \;    
sudo find /var/www/path/to/your/project/ -type d -exec chmod 775 {} \;

We can be sure that our production environment is relatively secure for the Laravel project.

Comments to: How to Securely Set Laravel 5 Files Folders Permission and Ownership Setup

Your email address will not be published. Required fields are marked *

Attach images - Only PNG, JPG, JPEG and GIF are supported.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Login

Welcome to Typer

Brief and amiable onboarding is the first thing a new user sees in the theme.
Join Typer
Registration is closed.
%d bloggers like this: