The Correct Way To Set Up Web Server File Permissions

Working with Web servers and file permissions can be tricky. If they are not set up correctly, you can end up with a Web server that cannot create or write files and therefore generates errors, or with a Web server that works correctly while you cannot work with the files yourself, either via FTP or when running php artisan commands if you are working with Laravel. With file ownership and permissions set up correctly, the Web server works and you can still work with the files without any issues.

I have run into these issues many times, so I decided to document the correct way to do it so I can easily come back to it whenever I need to, and I thought maybe someone else may find it useful as well.

There are basically two accepted ways to set up file ownership and permissions on a Web server, and none of them involves setting the file permissions to 777. That's a bad idea, because 777 lets every user on the system read, write, and execute the files. Either 1) you give yourself ownership of the files, or 2) you make the Web server the owner.

Note that the commands used in this post are for Unix-based operating systems like Ubuntu and macOS. If your Web server runs on Windows or another operating system, the concepts described in this post should still hold, but the commands you need to execute are different.

Method 1: Web Server As The Owner

This is the method most people use. Assuming www-data is both the user name and the group name of your Web server, run the following command, replacing /path/to/your/root/directory with your actual directory:

sudo chown -R www-data:www-data /path/to/your/root/directory

The command above makes the Web server the owner of all the files and also assigns the files to the Web server's group, www-data.

This will, however, cause problems when you upload or work with files via FTP, or when you run php artisan commands if you are using Laravel, because you (or your FTP client) will be logged in as your own user, not as the Web server. To solve this, add your user to the Web server's group.

Assuming your Web server is running under the group www-data and your user name is ubuntu, run the command:

sudo usermod -a -G www-data ubuntu

Then you need to set all your directories to 755 and all your files to 644.

Run the following command to set the file permissions (replace /path/to/your/root/directory with your actual directory):

sudo find /path/to/your/root/directory -type f -exec chmod 644 {} \;

And run the following command to set the directory permissions (replace /path/to/your/root/directory with your actual directory):

sudo find /path/to/your/root/directory -type d -exec chmod 755 {} \;

Method 2: You As The Owner

If you own all the directories and files, working with them is much easier. To do that, go to your root directory (assuming it is /var/www/html/project) and run the following commands:

cd /var/www/html/project
sudo chown -R $USER:www-data .

Then give both yourself and the Web server permissions:

sudo find . -type f -exec chmod 664 {} \;
sudo find . -type d -exec chmod 775 {} \;

Storage and Cache Directories In Laravel

Whichever method you choose, the Web server needs read and write permissions on storage, cache, and any other directories it uploads or writes to (depending on your situation). Run the following commands, or similar commands if you are not using Laravel, replacing storage and bootstrap/cache with your correct directories:

sudo chgrp -R www-data storage bootstrap/cache
sudo chmod -R ug+rwx storage bootstrap/cache

And that's it, now you have secure file permissions and your website works, and you can also work with the files easily.
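
To check that a tree actually ended up in the state described above, here is an added audit script (not part of the original post). It flags anything world-writable, files and directories whose mode differs from the one you chose, and entries under the writable directories that lack owner and group read/write. The names audit_webroot and make_sample_tree, and the argument order, are assumptions made for this example.

```shell
#!/bin/sh
# Added example; function names and argument order are assumptions.
# audit_webroot ROOT FILE_MODE DIR_MODE [WRITABLE_DIR...]
# ROOT has no trailing slash; WRITABLE_DIR is relative to ROOT.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_webroot() {
    root=$1 file_mode=$2 dir_mode=$3
    shift 3
    n=$#
    findings=$(
        {
            # World-writable entries (777, 666, ...) are findings everywhere.
            find "$root" ! -type l -perm -0002 -print | sed 's/^/WORLD-WRITABLE /'
            # Writable dirs: every entry needs rw for both owner and group.
            for d in "$@"; do
                find "$root/$d" ! -type l ! -perm -0660 -print |
                    sed 's/^/NOT-GROUP-WRITABLE /'
            done
            # Append "-path ROOT/DIR -prune -o" per writable dir, then drop the
            # original names, so the exact-mode checks skip those subtrees.
            for d in "$@"; do set -- "$@" -path "$root/$d" -prune -o; done
            shift "$n"
            find "$root" "$@" -type f ! -perm "$file_mode" -print | sed 's/^/FILE-MODE /'
            find "$root" "$@" -type d ! -perm "$dir_mode" -print | sed 's/^/DIR-MODE /'
        } | sort
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample tree in the post's Method 1 state; prints its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/app" "$t/storage/logs" "$t/bootstrap/cache"
    : > "$t/index.php"; : > "$t/app/a.php"; : > "$t/storage/logs/app.log"
    find "$t" -type d -exec chmod 755 {} \;
    find "$t" -type f -exec chmod 644 {} \;
    chmod -R ug+rwx "$t/storage" "$t/bootstrap/cache"
    printf '%s\n' "$t"
}

# Usage on a real tree: sh audit.sh /var/www/html/project 644 755 storage bootstrap/cache
if [ "$#" -ge 3 ]; then audit_webroot "$@"; fi
```

For Method 2, pass 664 and 775 as the expected file and directory modes instead.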