Introduction
File permissions are the most important thing on the web in general; they define who you are and what you can do on the web. In other words, by setting permissions on specific files, you are telling a story of how and what other users can do with your files.
Requisite
You must know how to access the server (e.g. DigitalOcean Droplets) and be familiar with some basic Unix commands, Laravel basics and, of course, the deployment steps.
Linux File Permission
If you are already familiar with file permissions and want to know how to set up those permissions in a Laravel app, you can skip this section.
This article is not about Linux file permissions as such. I just want to cover the basics so you know what you are doing and pasting into your terminal. You must know how these things work rather than just copying and pasting commands; you will never learn anything meaningful that way (Copy → paste).
Permission Groups
So, in the Linux world everything is a file, and each file/directory has three user-based permission groups:
- Owner: The Owner permissions apply only to the owner of the file or directory; they do not impact the actions of other users. In other words, the owner stands on his own and no one shares the file he owns with him (selfish, right?)
- Group: The Group permissions apply only to the group that has been assigned to the file or directory; they do not affect the actions of other users. In other words, if you are in a specific group (e.g. party), your actions cannot affect other groups (e.g. meeting).
- All Users: The All Users permissions apply to all other users on the system. This is the permission group you want to watch the most, because this is where everyone can do whatever they want.
Permission Type
As with groups, there are also permission types, and each file/directory has three basic ones:
- Read: The Read permission refers to a user's capability to read the contents of the file.
- Write: The Write permission refers to a user's capability to write or modify a file or directory.
- Execute: The Execute permission affects a user's capability to execute a file or view the contents of a directory.
Viewing the Permissions
So, now that we know about permissions and groups, we need to know how to view them, right? You can check a file or directory's permissions by typing the following in your terminal (command line):
ls -la
And on some modern Linux systems/OSX:
ll
For example, if we run ls -la app inside the Laravel project, the permissions are displayed in the terminal as:
total 28
drwxr-xr-x  7 coderflex coderflex 4096 December 22 18:07 .
drwxr-xr-x 15 coderflex coderflex 4096 January 5 12:13 ..
drwxr-xr-x  2 coderflex coderflex 4096 December 22 18:07 Console
drwxr-xr-x  2 coderflex coderflex 4096 December 22 18:07 Exceptions
drwxr-xr-x  6 coderflex coderflex 4096 January 5 11:59 Http
drwxr-xr-x  2 coderflex coderflex 4096 January 3 10:36 Models
drwxr-xr-x  2 coderflex coderflex 4096 December 22 18:07 Providers
All that matters is d_rwxr-xr-x
So, the result in this output breaks down as follows:
- User rights/Permissions
  - The first character, which I marked with an underscore, is the special permission flag, which can vary.
  - The following set of three characters (rwx) is for the Owner permissions.
  - The second set of three characters (rwx) is for the Group permissions.
  - The third set of three characters (rwx) is for the All Users permissions.
- Following that grouping, the integer/number displays the number of hard links to the file.
- The last piece is the Owner and Group assignment, formatted as Owner:Group (e.g. coderflex coderflex).
Using Binary References To set Permissions
Now that you understand the groups and permissions and how they work, you may notice that some commands use binary references, for example: chmod 640 example1
This command also represents changes in the file system; chmod is the command that changes the access permissions of file system objects.
The binary numbers for rwx are the following:
- r = 4
- w = 2
- x = 1
Examples:
If you see:
- r-x: The User can Read + Execute
- rwx: The User can Read + Write + Execute
- -wx: The User can Write and Execute.
- 640: This means
  - 6 For the Owner can Read and write (4 + 2 + 0)
  - 4 For the Group can Read (4 + 0 + 0)
  - 1 For All Users can Execute (0 + 0 + 1)
I think you have the idea now and understand the basics of file system permissions. So, let's dive into the most important things ;)
Web server as Owner (common)
If you understood the above, this becomes a piece of cake.
There are basically two ways to set up your ownership and permissions: either you give yourself ownership, or you make the web server the owner of all files.
Assuming www-data (it could be something else) is your web server user, and assuming your files are inside /var/www/html/website:
sudo chown -R www-data:www-data /var/www/html/website
- chown: changes the Owner
- -R: operate on files and directories recursively (--recursive)
If you run this command, the web server owns all the files and is also the group, and you will have some problems uploading files or working with them (e.g. over FTP), because your FTP client will be logged in as you (the Owner), not as your web server. So add your user to the web server user group to avoid any problems:
sudo usermod -a -G www-data $USER
- usermod: modify a user account
- -a: Add the user to the supplementary group(s). Use only with the -G option.
- -G: A list of supplementary groups which the user is also a member of. Each group is separated from the next by a comma, with no intervening whitespace. The groups are subject to the same restrictions as the group given with the -g option.
Of course, this assumes your web server is running as www-data and your user is $USER.
Note
$USER in this case is the name of the owner, and you can check the name by running the command:
whoami
Or
echo $USER
Then, you set all the directories to 755 and your files to 644.
To set the file permissions:
sudo find /var/www/html/website -type f -exec chmod 644 {} \;
To set the directory permissions:
sudo find /var/www/html/website -type d -exec chmod 755 {} \;
Here, all we do is:
- Find all the files (-type f) and give them 644 permissions.
- Find all the directories (-type d) and give them 755 permissions.
User as The Owner
This method is great; it allows you to own everything, files and directories alike.
Let's assume, as above, that your website is located in /var/www/html/website:
sudo chown -R $USER:www-data /var/www/html/website
$USER means the current user; for example, if you are logged in as root, $USER is root.
After this command, do the following:
sudo find /var/www/html/website -type f -exec chmod 644 {} \;
To set the directory permissions:
sudo find /var/www/html/website -type d -exec chmod 755 {} \;
Storage & Cache Directory Permissions
Whichever way you set up your server, you need to give the web server read and write permissions for storage, cache and any other directories your web server needs to upload or write to (depending on your situation), so you can run these final commands.
Change the directory to your application:
cd /var/www/html/website
After that:
sudo chgrp -R www-data storage bootstrap/cache
and
sudo chmod -R ug+rwx storage bootstrap/cache
Be Careful
As the title says, be careful with giving 777 to folders/files, because if you give any of your folders these permissions (full write, read, execute), you are allowing ANYONE, literally anyone, to read, write and execute any file in that directory.
That means you are giving anyone (hackers, or any malicious person in the entire world) permission to upload ANY file, a virus or anything else, and then execute that file.
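To confirm that a deployment really matches the scheme above and that nothing has drifted to 777, a read-only audit can be run after each deploy. This is an added example, not part of the original article; the function names are illustrative, and the web server group is assumed to be www-data as in the text.

```sh
#!/bin/sh
# Added example: read-only audit of a Laravel tree against this article's scheme.
# Assumptions: function names are illustrative; pass the project root and the
# web server group (www-data in the article) as arguments.

# Anything "other" can write to: the 777 problem. Symlinks are skipped because
# on Linux their own mode bits always read rwxrwxrwx and are not used for access.
world_writable() {
    find "${1%/}" ! -type l -perm -0002 -print
}

# Files that are not exactly 644 and directories that are not exactly 755,
# skipping the two trees the web server must be able to write to.
baseline_drift() {
    r=${1%/}
    find "$r" \( -path "$r/storage" -o -path "$r/bootstrap/cache" \) -prune -o \
        \( -type f ! -perm 644 -print \) -o \
        \( -type d ! -perm 755 -print \)
}

# Entries under storage and bootstrap/cache that are not in the web server
# group, or where owner and group lack read+write (the chgrp + chmod ug+rwx step).
server_dirs_not_writable() {
    r=${1%/}
    for d in "$r/storage" "$r/bootstrap/cache"; do
        if [ -d "$d" ]; then
            find "$d" ! -type l \( ! -group "$2" -o ! -perm -0660 \) -print
        fi
    done
}

# Run all three checks; return 1 if any of them reports a path.
audit() {
    status=0
    for check in world_writable baseline_drift server_dirs_not_writable; do
        out=$("$check" "$1" "$2")
        if [ -n "$out" ]; then
            printf '[FAIL] %s\n%s\n' "$check" "$out"
            status=1
        fi
    done
    return "$status"
}

# Usage: sh audit.sh /var/www/html/website www-data
[ $# -eq 0 ] || audit "$1" "${2:-www-data}"
```

A non-zero exit status means at least one path was reported, which makes the script usable as a post-deploy gate.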
Conclusion
In today's article we learned together what file/directory permissions are and how to set up the right permissions while deploying your Laravel application to a server such as DigitalOcean.