Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

extjac's avatar

Laravel Chmod 755 vs 777

I use AWS EC2 and AWS Lightsail to host a few websites. Today i wanted to review the security to make sure that all is ok. I noticed that bellow folders I have them with 777. So i tried to changed to 755 but i get a 500 error

/bootstrap/cache
/storage/framework/cache/data
/storage/framework/sessions.
/storage/framework/views

how do you set up your folder access?

0 likes
7 replies
tykus's avatar

If the web server system user (e.g. usually defaults to www-data for Apache, www for nginx) cannot write those directories, then you will get an error; check the owner and group for those directories.

Snapey's avatar

its not just about the number, it's about ownership

The first digit represents what the owner of the files can do

The second digit is what members of the same group can do

The third digit is what anyone can do

so you are removing write access by everyone apart from the owner of the file

If you uploaded the files in your own name then the web server will be unable to overwrite them

extjac's avatar

Thank you all for the comments.

I kind of understand the difference between 777 and 755. What I don't understand is that how someone will be able to upload a file under these folders; In theory, we just make the /public available...in my case, I am using S3 so there is not upload to the server.

tykus's avatar

The web server process runs as a particular user on your host; typically www or www-data depending on the underlying web server. Whenever serving a Request, it is this user that will be reading/writing files to the filesystem, so this user must have appropriate read/write/execute permissions for the application code, storage directories etc. in order to run PHP code, store uploaded files, write logs and files (such as compiled Blade templates)

The web server user can be changed to another system user if that is appropriate for you, e.g. with Laravel Forge it is run as forge.

What I don't understand is that how someone will be able to upload a file under these folders

Uploading a file using your web application (as a feature of your web application), or uploading a file that will be part of your application (e.g. PHP/CSS/JS)?

extjac's avatar

I was playing this morning with this...set folders to 755 or 775, ran the command below, and still laravel shows the 500 error / permission denied.

sudo chown -R www-data:www-data /opt/bitnami/apache/htdocs/project_name/storage
Shinya Koizumi's avatar

This is a older post but if new create folder is created by web server and the web server is running by root you still have the problem accessing the particular folder

Please or to participate in this conversation.