How to setup laravel file permission once and for all

Question

I have followed this upvoted answer and did the following:

sudo chown -R my-user:www-data /var/www/domain.com/
sudo find /var/www/domain.com/ -type f -exec chmod 664 {} \;
sudo find /var/www/domain.com/ -type d -exec chmod 775 {} \;
sudo chgrp -R www-data /var/www/domain.com/storage /var/www/domain.com/bootstrap/cache
sudo chmod -R ug+rwx /var/www/domain.com/storage /var/www/domain.com/bootstrap/cache

Everything works fine, but whenever a directory (within the storage directory) is created by my-user and not www-data user, the webserver can't write to it or vice versa. Unless I rerun those commands after the directory has been created.

Notes: sometimes I run commands with my-user that create directories, and sometimes the www-data user create directories. (within the storage directory).

Also, my-user is already within the www-data group.

How can I avoid permission errors? without running all those commands again.

Answer 1

Give this a try:

# give the newly created files/directories the group of the parent directory 
# e.g. the laravel group

sudo find $project_Path/bootstrap/cache -type d -exec chmod g+s {} \;
sudo find $project_Path/storage -type d -exec chmod g+s {} \;

# let newly created files/directories inherit the default owner 
# permissions up to maximum permission of rwx e.g. new files get 664, 
# folders get 775

sudo setfacl -R -d -m g::rwx ./storage
sudo setfacl -R -d -m g::rwx ./bootstrap/cache

Answer 2

From the laravel documentation, https://laravel.com/docs/8.x/filesystem#local-files-and-visibility , you can set permissions of a filesystem in the config/filesystems.php file:

'local' => [
    'driver' => 'local',
    'root' => storage_path('app'),
    'permissions' => [
        'file' => [
            'public' => 0644,
            'private' => 0600,
        ],
        'dir' => [
            'public' => 0755,
            'private' => 0700,
        ],
    ],
],

Also from the docs:

Files may either be declared public or private. When a file is declared public, you are indicating that the file should generally be accessible to others. For example, when using the S3 driver, you may retrieve URLs for public files.

Answer 3

how 'bout sudo chown -R $USER:$USER * on your root of laravel project folder?
or
sudo chown -R $USER:$USER [laravel folder name] if you're outside/ in parent directory of you're laravel folder / project ?

Answer 4

Option 1 add www-data group to my-user:

sudo adduser www-data my-user

Option 2 change user of php-fpm into my-user (ref):

find options user and group in www.conf, and change it into [my-user] group=mygroup

Answer 5

My best solution would be to create an artisan command.

This way you dont use linux way of creating folder and setting up permissions every time.

So create an artisan command that executes as below

php artisan createStorageFolder:FolderName

This will automatically set user permission to apache:apache or similar. If not you can also execute linux/shell command to set the permission on artisan method.

Answer 6

You mentioned that your user belongs to the same group as the www-data user so the following from this answer might work (I tried it in ubuntu but similar steps might work in your *nix OS):

Type sudo gedit ~/.bashrc

Find and change any umask line to umask 002 this means that for you and your group all permissions can be set for new files and directories. In practice this means new files are created with 664 permissions and new directories with 775

This should cover new files created with your user account. Of course you need to be careful whenever you do sudo create this file because this will create it for the root user.

Note this is not a perfect solution as there are still things only the file owner and root user can do (changing owners or permissions for example) but it will probably cover most other cases