如何为 Laravel 设置文件权限? [英] How to set up file permissions for Laravel?
问题描述
我正在使用所有者设置为 _www:_www 的 Apache Web 服务器.我从来不知道文件权限的最佳实践是什么,例如当我创建新的 Laravel 5 项目时.
I'm using Apache Web Server that has the owner set to _www:_www. I never know what is the best practice with file permissions, for example when I create new Laravel 5 project.
Laravel 5 要求 /storage 文件夹是可写的.我发现了很多不同的方法来使它工作,我通常以递归方式使其 777 chmod 结束.我知道这不是最好的主意.
Laravel 5 requires /storage folder to be writable. I found plenty of different approaches to make it work and I usually end with making it 777 chmod recursively. I know it's not the best idea though.
官方文档说:
Laravel 可能需要配置一些权限:文件夹内storage 和 vendor 需要 Web 服务器的写访问权限.
Laravel may require some permissions to be configured: folders within
storageandvendorrequire write access by the web server.
这是否意味着 Web 服务器本身也需要访问 storage 和 vendor 文件夹,或者只需要访问它们的当前内容?
Does it mean that the web server needs access to the storage and vendor folders themselves too or just their current contents?
我认为更好的是更改所有者而不是权限.我以递归方式将 Laravel 的所有文件权限更改为 _www:_www,这使网站正常工作,就好像我将 chmod 更改为 777 一样.问题是,现在每次我想保存任何文件时,我的文本编辑器都会要求我输入密码,如果我尝试在 Finder 中更改任何内容(例如复制文件),也会发生同样的情况.
I assume that what is much better, is changing the owner instead of permissions. I changed all Laravel's files permissions recursively to _www:_www and that made the site work correctly, as if I changed chmod to 777. The problem is that now my text editor asks me for password each time I want to save any file and the same happens if I try to change anything in Finder, like for example copy a file.
解决这些问题的正确方法是什么?
What is the correct approach to solve these problems?
- 更改
chmod - 更改文件的所有者以匹配Web 服务器,也许将文本编辑器(和 Finder?)设置为跳过要求输入密码,或者让他们使用
sudo - 更改 web 服务器的所有者以匹配 os 用户(我不知道后果)
- 别的东西
推荐答案
只是为了向查看此讨论的任何人陈述显而易见的事情....执行该目录中的任何文件....这意味着您已授予任何人(全世界的任何黑客或恶意人员)上传任何文件、病毒或任何其他文件的权限,然后执行该文件...
Just to state the obvious for anyone viewing this discussion.... if you give any of your folders 777 permissions, you are allowing ANYONE to read, write and execute any file in that directory.... what this means is you have given ANYONE (any hacker or malicious person in the entire world) permission to upload ANY file, virus or any other file, and THEN execute that file...
如果您将文件夹权限设置为 777,则您已经打开了为任何能找到该目录的人提供服务器.够清楚???:)
IF YOU ARE SETTING YOUR FOLDER PERMISSIONS TO 777 YOU HAVE OPENED YOUR SERVER TO ANYONE THAT CAN FIND THAT DIRECTORY. Clear enough??? :)
基本上有两种方法可以设置您的所有权和权限.您要么给自己所有权,要么让网络服务器成为所有文件的所有者.
There are basically two ways to setup your ownership and permissions. Either you give yourself ownership or you make the webserver the owner of all files.
作为所有者的网络服务器(大多数人这样做的方式,以及 Laravel 文档的方式):
假设 www-data(可能是别的东西)是您的网络服务器用户.
assuming www-data (it could be something else) is your webserver user.
sudo chown -R www-data:www-data /path/to/your/laravel/root/directory如果你这样做,网络服务器拥有所有文件,也是组,你会在上传文件或通过 FTP 处理文件时遇到一些问题,因为你的 FTP 客户端将以你的身份登录,而不是你的网络服务器,因此将您的用户添加到 webserver 用户组:
if you do that, the webserver owns all the files, and is also the group, and you will have some problems uploading files or working with files via FTP, because your FTP client will be logged in as you, not your webserver, so add your user to the webserver user group:
sudo usermod -a -G www-data ubuntu当然,这假设您的网络服务器作为 www-data 运行(Homestead 默认值),并且您的用户是 ubuntu(如果您使用 Homestead,它就是流浪者).
Of course, this assumes your webserver is running as www-data (the Homestead default), and your user is ubuntu (it's vagrant if you are using Homestead).
然后将所有目录设置为 755,将文件设置为 644...设置文件权限
Then you set all your directories to 755 and your files to 644... SET file permissions
sudo find /path/to/your/laravel/root/directory -type f -exec chmod 644 {} \; 设置目录权限
sudo find /path/to/your/laravel/root/directory -type d -exec chmod 755 {} \;您的用户作为所有者
我更喜欢拥有所有目录和文件(这样可以更轻松地处理所有内容),因此,转到您的 Laravel 根目录:
I prefer to own all the directories and files (it makes working with everything much easier), so, go to your laravel root directory:
cd /var/www/html/laravel >> assuming this is your current root directory
sudo chown -R $USER:www-data .然后我给自己和网络服务器权限:
Then I give both myself and the webserver permissions:
sudo find . -type f -exec chmod 664 {} \;
sudo find . -type d -exec chmod 775 {} \;然后授予网络服务器读取和写入存储和缓存的权限
无论您以何种方式设置,您都需要向网络服务器授予读写权限,以进行存储、缓存以及网络服务器也需要上传或写入的任何其他目录(取决于您的情况),因此请运行以下命令上面害羞:
Whichever way you set it up, then you need to give read and write permissions to the webserver for storage, cache and any other directories the webserver needs to upload or write too (depending on your situation), so run the commands from bashy above :
sudo chgrp -R www-data storage bootstrap/cache
sudo chmod -R ug+rwx storage bootstrap/cache现在,您是安全的,您的网站可以正常工作,而且您可以相当轻松地处理文件
Now, you're secure and your website works, AND you can work with the files fairly easily
这篇关于如何为 Laravel 设置文件权限?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
