I'm using Apache Web Server that has the owner set to _www:_www. I never know what is the best practice with file permissions, for example when I create new Laravel 5 project.
Laravel 5 requires /storage folder to be writable. I found plenty of different approaches to make it work and I usually end with making it 777 chmod recursively. I know it's not the best idea though.
The official doc says:
Laravel may require some permissions to be configured: folders within
storageandvendorrequire write access by the web server.
Does it mean that the web server needs access to the storage and vendor folders themselves too or just their current contents?
I assume that what is much better, is changing the owner instead of permissions. I changed all Laravel's files permissions recursively to _www:_www and that made the site work correctly, as if I changed chmod to 777. The problem is that now my text editor asks me for password each time I want to save any file and the same happens if I try to change anything in Finder, like for example copy a file.
What is the correct approach to solve these problems?
- Change
chmod - Change the owner of the files to match those of the web server and perhaps set the text editor (and Finder?) to skip asking for password, or make them use
sudo - Change the owner of the web server to match the os user (I don't know the consequences)
- Something else
ベストアンサー1
Just to state the obvious for anyone viewing this discussion.... if you give any of your folders 777 permissions, you are allowing ANYONE to read, write and execute any file in that directory.... what this means is you have given ANYONE (any hacker or malicious person in the entire world) permission to upload ANY file, virus or any other file, and THEN execute that file...
IF YOU ARE SETTING YOUR FOLDER PERMISSIONS TO 777 YOU HAVE OPENED YOUR SERVER TO ANYONE THAT CAN FIND THAT DIRECTORY. Clear enough??? :)
There are basically two ways to setup your ownership and permissions. Either you give yourself ownership or you make the webserver the owner of all files.
Webserver as owner (the way most people do it, and the Laravel doc's way):
assuming www-data (it could be something else) is your webserver user.
sudo chown -R www-data:www-data /path/to/your/laravel/root/directory
if you do that, the webserver owns all the files, and is also the group, and you will have some problems uploading files or working with files via FTP, because your FTP client will be logged in as you, not your webserver, so add your user to the webserver user group:
sudo usermod -a -G www-data ubuntu
Of course, this assumes your webserver is running as www-data (the Homestead default), and your user is ubuntu (it's vagrant if you are using Homestead).
Then you set all your directories to 755 and your files to 644... SET file permissions
sudo find /path/to/your/laravel/root/directory -type f -exec chmod 644 {} \;
ディレクトリ権限の設定
sudo find /path/to/your/laravel/root/directory -type d -exec chmod 755 {} \;
あなたのユーザーを所有者として
私はすべてのディレクトリとファイルを所有することを好みます (すべての作業がはるかに簡単になります)。そのため、Laravel ルート ディレクトリに移動します。
cd /var/www/html/laravel >> assuming this is your current root directory
sudo chown -R $USER:www-data 。
次に、自分自身と Web サーバーの両方に権限を付与します。
sudo find . -type f -exec chmod 664 {} \;
sudo find . -type d -exec chmod 775 {} \;
次に、ウェブサーバーにストレージとキャッシュの読み取りと書き込みの権限を与えます。
どちらの方法で設定する場合でも、Web サーバーにストレージ、キャッシュ、および Web サーバーがアップロードまたは書き込みを行う必要があるその他のディレクトリ (状況によって異なります) の読み取りおよび書き込み権限を与える必要があるため、上記の bashy からコマンドを実行します。
sudo chgrp -R www-データストレージ ブートストラップ/キャッシュ sudo chmod -R ug+rwx ストレージ ブートストラップ/キャッシュ
これで、ウェブサイトは安全になり、ファイルを簡単に操作できるようになります。