How to deploy a Laravel project with right permission?


When deploying a Laravel project on your server, you always want to set it up by the ways that will ensure you don’t use or need root access for the created files. Grant right permission for project to make sure your project has the best security possible.

By default, your web service (e.g Apache or Nginx) will run with user www-data, it maybe different on others system. This article assume web service is running under www-data user.

Change ownership of your project

Change the ownership of your project from your user or anything else to www-data. It’s allow your webservice can more easier control your project. In additional, you should be change the group owner.

$ sudo chown -R www-data:www-data /path/to/your/laravel/project

Now the webservice will be owner of your laravel project, but you will have some problems uploading files or working with files via FTP protocol, because your FTP client will be logged in as you, not your webservice, so add your user to the webservice user group:

$ sudo usermod -a -G www-data $USER

Set permissions

All files in your project should be set to 644 permission. It means the owner of your project has read and write permission on all your files, the user in group and guest (public user) has read permission.

$ sudo find /path/to/your/laravel/project -type f -exec chmod 644 {} \;

And all directories should be set to 755 (even 700 will be ok)

$ sudo find /path/to/your/laravel/project -type d -exec chmod 755 {} \;

This command will grant read, write and execute permission to owner of your project. User in group and guest has read and execute permission.

Give rights to webservice to read & write to storage and cache

Whichever way you set it up, then you need to give read and write permissions to the webservice for storage, cache and any other directories the webservice needs to upload or write too (depending on your situation), so run the commands below:

$ sudo chgrp -R www-data storage bootstrap/cache
$ sudo chmod -R ug+rwx storage bootstrap/cache

Now you are secure, your website works well and you can work with the fies easily.

Trả lời

Email của bạn sẽ không được hiển thị công khai. Các trường bắt buộc được đánh dấu *