If you give 777 permissions to any folder, it allows anyone to read, modify, and execute any file in the directory. This means that you have given anyone (any hacker or malicious person in the whole world) permission to upload any file, virus or any other file and then execute that file.
If you are setting your folder permissions to 777, then you have opened your server to anyone who can find the directory. do you understand?
The anyone flag means any user, not anyone. You still need server access.
There are basically two ways to set your ownership and permissions. Either give yourself ownership or make the web server the owner of all files.
[Related recommendations: The latest five Laravel video tutorials]
Webserver as the owner (the approach of most people, and the approach of Laravel doc) :
Assume www-data
is your web service user (it may be another name).
sudo chown -R www-data:www-data /path/to/your/laravel/root/directory
If you do this, the files owned by the web service will also become this group, so there will be some problems when you use FTP to upload files, because the FTP client will use your account to log in, not your web service, so you should add your user to the web service's user group.
sudo usermod -a -G www-data ubuntu
Of course, this assumes that your web service is running as the www-data user (Homestead default), and that your user is ubuntu (or vagrant if in Homestead). Then set all your directories to 755 and all your files to 644.
sudo find /path/to/your/laravel/root/directory -type f -exec chmod 644 {} \;
Set directory permissions
sudo find /path/to/your/laravel/root/directory -type d -exec chmod 755 {} \;
Your user as owner
I prefer to own all directories and files (this makes handling anything are easier), so, go to the laravel root directory:
cd /var/www/html/laravel >> assuming this is your current root directory
sudo chown -R $USER:www-data .
Then I give myself and the website server two permissions:
sudo find . -type f -exec chmod 664 {} \; sudo find . -type d -exec chmod 775 {} \;
Then give the website server read and write storage and cache Rights
No matter how you set it up, you will need to give the web server read and write permissions for storage, caching, and any other directories that the web server needs to upload or write to (it's up to you situation), so run the following command:
sudo chgrp -R www-data storage bootstrap/cache sudo chmod -R ug+rwx storage bootstrap/cache
Now, your website is secure and you can easily handle these files
Original address: https:// stackoverflow.com/questions/30639174/how-to-set-up-file-permissions-for-laravel
Translation address: https://learnku.com/laravel/t/62112
The above is the detailed content of Do you know how to set Laravel directory permissions? (two methods). For more information, please follow other related articles on the PHP Chinese website!