Setting up secure file permissions for Laravel project

Often people set 777 permission for their folder and upload to their server. This is the serious security issue. If you haven’t noticed, then setting 777 permissions will make our server open and vulnerable to the world. This is a bad practice. 777 simply means anyone could read,write and execute permissions on your server. We wouldn’t want this right ?

We should always avoid 777 permission for our project. Now, the question is what is the right permission for our laravel folders ?

These are the permission i’m using right now for my projects. Let’s explore the given commands.

1. sudo chown $USER:$USER .env

This commands simply change the ownership to the current user. If you try echo $USER in your terminal , it will echo out the username for you.

2. sudo chown -R $USER:www-data storage bootstrap/cache

The file’s should be writable or should be controlled only by the current user. We just gave the full permission’s to the current user with a recursive flag making the changes to the folder and subfolders as a whole.

3. sudo chmod -R ug+rwx storage bootstrap/cache

u in ug refers to user but means the file or directory owner and g refers to group owner. rwx (Owner, Group, World) . This commands simply give all privileges to the user and group.

I’m not a linux specialist but there are the permission’s i usually give to my project files. If this seems not alright to you , you can alway’s drop in comments. We have an article for creating a bash script using this commands , click the link and learn more .Happy Coding 🙂

Sharing is caring!

Related Post