正确的服务器上Laravel文件夹的权限 [英] Correct permission for Laravel folders on server
问题描述
我目前即将部署Laravel应用.我的功能之一是生成PDF并将文件保存在存储文件夹中.但是问题是,它仅在存储文件夹具有777权限时才起作用.当然,一旦部署,这将带来很大的安全风险.我该如何解决?因为如果我没有777权限,它将返回Warning: mkdir() [function.mkdir]: Permission denied in ...错误.
I am currently about to deploy a Laravel app. One of my features is to generate a PDF and save the file in the storage folder. But the problem is, it only works when the storage folder has 777 permission. Of course that is a big security risk once it is deployed. How to I solve it? Because if I don't 777 permission, it returns a Warning: mkdir() [function.mkdir]: Permission denied in ... error.
谢谢:)
推荐答案
这些权限应在存储文件夹上设置为770.
These permissions should be set to 770 on the storage folder.
这将允许目录的所有者(最好是维护Web管理员)读取/写入/执行.它将允许Web组(最好是维护Web管理员和Web服务器用户所在的组)具有读/写/执行权限. 0表示其他用户对该目录没有权限.该目录应归维护Web管理员所有,并将其所有权组设置为Web组.
This will allow the owner of the directory (ideally the maintenance web admin) read/write/execute. And it will allow the web group (ideally the group that the maintenance web-admin and the web server user are both in) to have read/write/execute permission. The 0 means that other users have no permissions in the directory. The directory should be owned by the maintenance web admin, with it's ownership group set to the web group.
示例
chown -R mywebadmin:www-data /var/www/html/mysite.com/
chmod -R 750 /var/www/html/mysite.com/
chmod -R 770 /var/www/html/mysite.com/storage
结果
- /var/www/html/mysite.com-由
mywebadmin拥有,组为www-data- 所有者可以编写/读取/执行
- 组可以读取/执行
- 别人无能为力
- /var/www/html/mysite.com - Owned by
mywebadmin, Group iswww-data- Owner can write/read/execute
- Group can read/execute
- Others can do nothing
- 所有者可以编写/读取/执行
- 组可以写入/读取/执行
- 别人无能为力
如果您想记住这些权限,有一个有用的>工具可用于生成这些权限.
There is a useful tool for generating these permissions if you have a hard time remembering them.
注意:在目录中具有Web用户的写访问权限极其危险.更好的选择是创建一个PHP脚本,将其
Content-Type的标头更改为application/octet-stream,并让PHP脚本在不写入文件系统的情况下内部生成所需的文件.Note: It is extremely dangerous to have write access for the web user in the directory. A better option would be creating a PHP script that changes it's headers for
Content-Typetoapplication/octet-streamand having the PHP script generate the file it needs interanally without writing to the file system.这篇关于正确的服务器上Laravel文件夹的权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
