如何设置Laravel的文件权限? [英] How to set up file permissions for Laravel?
问题描述
我正在使用拥有者设置为_www:_www的Apache Web服务器.我永远都不知道使用文件权限的最佳做法是什么,例如,当我创建新的Laravel 5项目时.
I'm using Apache Web Server that has the owner set to _www:_www. I never know what is the best practice with file permissions, for example when I create new Laravel 5 project.
Laravel 5要求/storage文件夹是可写的.我发现了很多不同的方法来使其工作,并且通常以递归方式使它成为777 chmod.我知道这不是最好的主意.
Laravel 5 requires /storage folder to be writable. I found plenty of different approaches to make it work and I usually end with making it 777 chmod recursively. I know it's not the best idea though.
官方文件说:
Laravel可能需要配置一些权限:
storage和vendor要求Web服务器具有写访问权限.
Laravel may require some permissions to be configured: folders within
storageandvendorrequire write access by the web server.
这是否意味着Web服务器本身也需要访问storage和vendor文件夹或仅访问其当前内容?
Does it mean that the web server needs access to the storage and vendor folders themselves too or just their current contents?
我认为更好的是更改所有者而不是权限.我将所有Laravel的文件权限递归更改为_www:_www,这使站点正常工作,就像我将chmod更改为777一样.问题在于,现在我的文本编辑器每次想保存任何文件时都要求我输入密码,如果我尝试在Finder中更改任何内容(例如复制文件),也会发生同样的情况.
I assume that what is much better, is changing the owner instead of permissions. I changed all Laravel's files permissions recursively to _www:_www and that made the site work correctly, as if I changed chmod to 777. The problem is that now my text editor asks me for password each time I want to save any file and the same happens if I try to change anything in Finder, like for example copy a file.
解决这些问题的正确方法是什么?
What is the correct approach to solve these problems?
- 更改
chmod - 更改文件的所有者以匹配文件的所有者
Web服务器,也许将文本编辑器(和Finder?)设置为跳过
询问密码,或让他们使用
sudo - 更改Web服务器的所有者以匹配os用户(我不知道) 知道后果)
- 还有其他事情
- Change
chmod - Change the owner of the files to match those of the
web server and perhaps set the text editor (and Finder?) to skip
asking for password, or make them use
sudo - Change the owner of the web server to match the os user (I don't know the consequences)
- Something else
推荐答案
对于正在浏览此讨论的任何人来说,这都是显而易见的.如果您授予任何文件夹777权限,则表示允许任何人读取,写入和执行该目录中的任何文件....这意味着您已授予ANYONE(全世界的任何黑客或恶意人员)上传任何文件,病毒或任何其他文件的权限,然后执行该文件...
Just to state the obvious for anyone viewing this discussion.... if you give any of your folders 777 permissions, you are allowing ANYONE to read, write and execute any file in that directory.... what this means is you have given ANYONE (any hacker or malicious person in the entire world) permission to upload ANY file, virus or any other file, and THEN execute that file...
如果您将文件夹许可设置为777,则已打开 服务器可以找到该目录的任何人.足够清楚了吗? :)
IF YOU ARE SETTING YOUR FOLDER PERMISSIONS TO 777 YOU HAVE OPENED YOUR SERVER TO ANYONE THAT CAN FIND THAT DIRECTORY. Clear enough??? :)
基本上有两种方法来设置您的所有权和权限.您要么赋予自己所有权,要么让Web服务器成为所有文件的所有者.
There are basically two ways to setup your ownership and permissions. Either you give yourself ownership or you make the webserver the owner of all files.
以Web服务器作为所有者(大多数人的操作方式以及Laravel文档的方式):
假设www-data(可能是别的东西)是您的网络服务器用户.
assuming www-data (it could be something else) is your webserver user.
sudo chown -R www-data:www-data /path/to/your/laravel/root/directory
如果执行此操作,则网络服务器将拥有所有文件,也属于该组,并且在通过FTP上传文件或使用文件时会遇到一些问题,因为FTP客户端将以您而不是Web服务器的身份登录,因此将您的用户添加到网络服务器用户组:
if you do that, the webserver owns all the files, and is also the group, and you will have some problems uploading files or working with files via FTP, because your FTP client will be logged in as you, not your webserver, so add your user to the webserver user group:
sudo usermod -a -G www-data ubuntu当然,这假设您的网络服务器以www-data(Homestead的默认值)运行,并且您的用户是ubuntu(如果您使用Homestead则无所适从).
Of course, this assumes your webserver is running as www-data (the Homestead default), and your user is ubuntu (it's vagrant if you are using Homestead).
然后将所有目录设置为755,文件设置为644 ... 设置文件权限
Then you set all your directories to 755 and your files to 644... SET file permissions
sudo find /path/to/your/laravel/root/directory -type f -exec chmod 644 {} \; 设置目录权限
sudo find /path/to/your/laravel/root/directory -type d -exec chmod 755 {} \;您作为所有者的用户
我更喜欢拥有所有目录和文件(这使得处理所有内容变得更加容易),所以我这样做:
I prefer to own all the directories and files (it makes working with everything much easier), so I do:
sudo chown -R my-user:www-data /path/to/your/laravel/root/directory然后,我同时给自己和Web服务器权限:
Then I give both myself and the webserver permissions:
sudo find /path/to/your/laravel/root/directory -type f -exec chmod 664 {} \;
sudo find /path/to/your/laravel/root/directory -type d -exec chmod 775 {} \;然后授予Web服务器读写存储和缓存的权限
无论采用哪种设置方式,都需要授予Web服务器读写权限,以存储,缓存以及该Web服务器也需要上传或写入的任何其他目录(具体取决于您的情况),因此请从以下位置运行命令以上是卑鄙的:
Whichever way you set it up, then you need to give read and write permissions to the webserver for storage, cache and any other directories the webserver needs to upload or write too (depending on your situation), so run the commands from bashy above :
sudo chgrp -R www-data storage bootstrap/cache
sudo chmod -R ug+rwx storage bootstrap/cache现在,您很安全,您的网站可以正常运行,并且可以相当轻松地使用文件
Now, you're secure and your website works, AND you can work with the files fairly easily
这篇关于如何设置Laravel的文件权限?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
