Group forge changed to www-data, can't fix

1.) As which user does php-fpm run, and does this user belong to a group? If so, which group?

2.) As which user does nginx run, and does this user belong to a group? If so, which group?

Generally speaking, your entire project tree, on the filesystem, should be owned by the same user and group.

For example, my storage directory looks like this (I'm not using Forge, but the point still stands):

drwxr-x---  6 web1 client1 4.0K Jan  5 15:31 storage

In my case, php-fpm runs as the web1 user, and nginx runs as the www-data user. web1 is in the client1 group, and client1 (which, again, is a group) is in the www-data group.

(I'm running Ubuntu 16.04 LTS in a relatively "vanilla" configuration.)

As you can see from the permissions set on my storage directory, 0750 should be sufficient, if you have configured everything appropriately.

The subdirectories look the same:

drwxr-x---  6 web1 client1 4.0K Jan  5 15:31 .
drwxr-x--- 13 web1 client1 4.0K Jan  5 15:32 ..
drwxr-x---  3 web1 client1 4.0K Jan  5 15:31 app
drwxr-x---  2 web1 client1 4.0K Jan  5 15:31 files
drwxr-x---  5 web1 client1 4.0K Jan  5 15:31 framework
drwxr-x---  2 web1 client1 4.0K Jan  5 15:31 logs

My advice is to untangle this problem once and for all, determine which ownership and permissions are necessary, and create a simple shell script that is capable of "fixing" both at any time, should this occur again in the future.

If you're able to answer the two questions I asked, above, I'm happy to provide additional guidance!

$ ps aux | grep php-fpm

root     27573  0.0  4.7 477796 48592 ?        Ss    2017   4:47 php-fpm: master process (/etc/php/7.1/fpm/php-fpm.conf)
www-data 29602  0.1  3.4 480988 35268 ?        S    15:08   0:22 php-fpm: pool www
www-data 30271  0.2  3.4 483316 35444 ?        S    17:08   0:29 php-fpm: pool www
www-data 30272  0.1  3.4 480996 34664 ?        S    17:08   0:20 php-fpm: pool www
forge    31399  0.0  0.0  12948   936 pts/0    S+   20:52   0:00 grep --color=auto php-fpm

$ ps aux | grep nginx

root      9804  0.0  0.7 149316  7432 ?        Ss   Jan07   0:00 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
forge     9819  0.0  0.6 149224  7072 ?        S    Jan07   2:10 nginx: worker process
forge    31402  0.0  0.0  12948  1012 pts/0    S+   20:52   0:00 grep --color=auto nginx

How do I determine which ownership and permissions are necessary? On another server of mine the only difference of the default implementation is forge forge instead of forge www-data.

Not sure how I can fix this without introducing another bug (invalid crsf token error)

Okay, so, php-fpm is running as the www-datauser, and nginx is running as the forge user.

You didn't specify whether either of these users belongs to a group, and if so, which one. ;) Given your comments, however, it seems that the forge user likely belongs to a group of the same name, as does the www-data user. Please confirm.

Also, it is important to note that both of these users must have appropriate access to the filesystem for the site to function as intended, because both php-fpm and nginx need a certain level of access in this configuration.

Try this (and do the same to any other directories, as necessary):

$ sudo chown -R forge:www-data ./storage
$ sudo chmod -R 770 ./storage

What is the result?

The best way to troubleshoot this further is to create a shell script that you can edit and refine between executions, until you have it "just right".

Something like this, from within the top-level Laravel application directory:

$ vim ./set-perms.sh

And then paste-in the following:

#!/bin/sh

chown -R forge:www-data ./storage
chmod -R 770 ./storage

To execute it:

$ sudo ./set-perms.sh

You can then edit the contents of the script, re-run it, see if it works as you require, and if not, edit and run it again. Rinse and repeat until it's dialed-in!

You can also control what php-fpm vs nginx is running as here: https://unix.stackexchange.com/questions/30190/how-do-i-set-the-user-of-php-fpm-to-be-php-user-instead-of-www-data