If you don't set permissions right, your server will be down. If too restrictive, i.e. your server(e.g nginx or apache) has no write permissions for some things, content won't be served. If too liberal, you will pawned and alot of bad things will maybe happen. Here's how I set the permissions(should be added to playbooks if possible).
There are 2 ways of setting up the permissions:
- Make webserver owner of all files [Recommended]
- Giving yourself ownership
sudo chown -R www-data:www-data /path/to/dir
sudo usermod -a -G www-data <yourusername>
sudo find /path/to/your/laravel/root/dir -type f -exec chmod 644 {} \;
sudo find /path/to/your/laravel/root/dir -type d -exec chmod 755 {} \;
sudo chgrp -R www-data storage bootstrap/cache
sudo chmod -R ug+rwx storage bootstrap/cachesudo chown -R my-user:www-data /path/to/your/laravel/root/directory
sudo find /path/to/your/laravel/root/dir -type f -exec chmod 664 {} \;
sudo find /path/to/your/laravel/root/dir -type d -exec chmod 775 {} \;
sudo chgrp -R www-data storage bootstrap/cache
sudo chmod -R ug+rwx storage bootstrap/cacheIf you run things like passport, a common source of error is 500 caused by not setting an oauth token. This is fixed by running:
php artisan passport:installIn the above examples, the exec command was used with a ;(so you need to type a \; to avoid interpretion by the shell) or a +. The diffference is that with ;, the command is called once per file; and with a +, it is called just as few times as possible(usually once, but there is a maximum length for a command line, so it might be split up) with all the file names.
Do not give any of your files 777 file permissions, otherwise you will be pawned. Alot of people have ignorantly suggested this on many websites as a quick hack to get things running on the server.