
Laravel/PyroCMS Webserver and PHP Composer Permissions


Could anyone help me with some unix permission stuff? I’ve been struggling with it for months now and can’t get it quite right.

My web server is running as www-data in the www-data group and I do my composer stuff as a user called finn with sudo privileges (but I definitely don’t sudo composer :joy:).

From what I read, it is often easier for a user to own all the files/directories but for the user to be in the www-data group, so to that effect I have written a bash script:

    #!/bin/bash
    sudo chown -R finn:www-data /srv/pyrocms
    sudo usermod -a -G www-data finn
    sudo find /srv/pyrocms -type f -exec chmod 664 {} \;
    sudo find /srv/pyrocms -type d -exec chmod 775 {} \;
    sudo chgrp -R www-data storage bootstrap/cache
    sudo chmod -R ug+rwx storage bootstrap/cache

Where the aim is to:

1. Make me own everything
2. Add me to the www-data group
3. Set read/execute permissions
4. Change the group to www-data for the all-important storage and bootstrap/cache
5. Give me and the www-data group read/write/execute permissions on storage and bootstrap/cache

The problem! After doing composer update as the finn user I often get problems where the web server cannot write to cache files in storage/streams/{site-slug}/cache/ and it kicks the bucket throwing 500 errors.

What can I do to fix this?


Solution

  • Since you already have sudo privileges and you're using sudo, it may be easier to log in as the www-data user and do all tasks as www-data. There will be no problems with privileges if everything is owned by www-data:

    sudo su -s /bin/bash www-data
    composer install
    

    An alternative (and probably better) option would be to create a dedicated user (like www-finn) and always run PHP as www-finn. It should be pretty easy to achieve if you're using php-fpm to run the PHP processes that handle web requests:

    [www-finn]  
    user = www-finn
    group = www-finn
    ...
    listen.owner = www-finn
    listen.group = www-finn
    

    Add www-data to the www-finn group so the webserver will have access to www-finn files. Then make www-finn the owner of your web app:

    sudo usermod -a -G www-finn www-data
    sudo chown -R www-finn:www-finn /srv/pyrocms
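
A check for the failure described in the question, as an added example that is not part of the original question or answer: it lists every entry under storage and bootstrap/cache that the web server's group cannot write, so it can be run right after `composer update`. The function names are made up for this example; the default path and the www-data group are the ones from the question.

```bash
#!/bin/bash
# Added example, not from the original post. Function names are
# hypothetical; /srv/pyrocms and www-data come from the question.

# unwritable_by_group ROOT GROUP DIR...
# Print every file or directory below ROOT/DIR that is either not
# group-owned by GROUP or lacks the group write bit (octal 020).
# GROUP may be a group name or a numeric gid.
unwritable_by_group() {
    ubg_root=$1
    ubg_group=$2
    shift 2
    for ubg_dir in "$@"; do
        if [ ! -d "$ubg_root/$ubg_dir" ]; then
            echo "missing: $ubg_root/$ubg_dir" >&2
            continue
        fi
        find "$ubg_root/$ubg_dir" \
            \( ! -group "$ubg_group" -o ! -perm -020 \) -print
    done | sort
}

# audit_app ROOT GROUP
# Check the two directories the web server has to write to. Prints the
# offending paths and returns 1 if any exist, otherwise returns 0.
audit_app() {
    aa_offenders=$(unwritable_by_group "$1" "$2" storage bootstrap/cache)
    [ -z "$aa_offenders" ] && return 0
    printf '%s\n' "$aa_offenders"
    return 1
}

# When called with arguments, run the audit:
#   ./audit.sh /srv/pyrocms www-data
if [ "$#" -ge 1 ]; then
    audit_app "$1" "${2:-www-data}"
fi
```

A non-zero exit status means at least one path under those directories would give the web server a permission error on write; the printed paths show where.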