
mateoo88's avatar

Folders permissions in Laravel

What is the best practice for granting file and folder permissions in Laravel? Mostly you can find in tutorials:

sudo chown -R www-data:www-data /path-to-your-project
sudo chmod -R 775 /path-to-your-project/storage
sudo chmod -R 775 /path-to-your-project/bootstrap/cache

However, asking AI (Claude) - recommends making a security issue:

sudo chown -R $USER:www-data /var/www/html/path-to-your-project
sudo chmod -R 775 /var/www/html/path-to-your-project/storage
sudo chmod -R 775 /var/www/html/path-to-your-project/bootstrap/cache

Which option is better/safer?

LaryAI's avatar

Great question! File and folder permissions are critical for both security and functionality in Laravel projects.

Best Practice for Laravel Folder Permissions

Laravel needs write access for the storage and bootstrap/cache directories. The rest of your project should not be writable by the web server.

Recommended Approach

1. Ownership

  • The web server (often www-data on Ubuntu) must be able to write to storage and bootstrap/cache.
  • It's safest if your user owns the files, but the web server group (www-data) has write access to only the necessary directories.

2. Permissions

  • Set the group ownership of storage and bootstrap/cache to the web server group.
  • Give group write permissions to these directories.

Commands:

# Set your user as owner, and www-data as the group
sudo chown -R $USER:www-data /path-to-your-project

# Set group write permissions only for storage and bootstrap/cache
sudo chmod -R 775 /path-to-your-project/storage
sudo chmod -R 775 /path-to-your-project/bootstrap/cache

Explanation:

  • chown -R $USER:www-data ... makes your user the owner (so you can edit files easily), and the web server group can write where needed.
  • chmod -R 775 ... allows the owner and group to read/write/execute, but others can only read/execute.
  • Do not make the entire project writable by the web server. Only storage and bootstrap/cache need this.

Never use 777 permissions unless you are in a non-production, isolated environment (e.g., local development and you understand the risks).

Summary Table

Directory                | Owner     | Group    | Permissions
All except storage/cache | your user | www-data | 755
storage, bootstrap/cache | your user | www-data | 775

Commands to set 755 for all except storage/cache:

sudo find /path-to-your-project -type d -exec chmod 755 {} \;
sudo find /path-to-your-project -type f -exec chmod 644 {} \;

Then set 775 for the writable directories as above.


In summary:
The second approach ($USER:www-data with 775 only on necessary folders) is safer and more flexible, especially for development. For production, you may want to be even more restrictive, depending on your deployment strategy.

Let me know if you have further questions!

ian_h's avatar

The latter (Claude option) gives you the ability to edit the files as your user and still allow the webserver to read them as required too. IMO, this is perfectly fine and IIRC, will likely be the default if you use a VPS and cPanel etc etc.

However, I wouldn't mass chmod the way either suggests as that will make any files in those dirs executable too. I would use the find statements that Larry has suggested above as this will set the right permissions for dirs and files separately.
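
Added example (not part of the thread or of any poster's reply): a read-only shell audit for the two points raised above, namely that nothing outside storage and bootstrap/cache should be group- or world-writable, and that a recursive chmod -R 775 leaves execute bits on regular files inside those directories. The function names and the WRITABLE-OUTSIDE / EXEC-IN-WRITABLE labels are made up for this example; the directory layout is the one assumed throughout the thread.

```shell
#!/bin/sh
# Added example (not from the thread): read-only permission audit.
# Assumes the standard Laravel layout, where only storage/ and
# bootstrap/cache/ are meant to be writable by the web server group.

# Paths OUTSIDE the two writable directories that are group- or
# world-writable, i.e. code the web server group could modify.
writable_outside() {
    root=${1%/}
    find "$root" \
        \( -path "$root/storage" -o -path "$root/bootstrap/cache" \) -prune \
        -o \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) -print
}

# Regular files INSIDE the writable directories that carry any execute
# bit, which is what a recursive "chmod -R 775" leaves behind.
executable_inside() {
    root=${1%/}
    for dir in "$root/storage" "$root/bootstrap/cache"; do
        [ -d "$dir" ] || continue
        find "$dir" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) -print
    done
}

# Print labelled findings; return 0 when clean, 1 otherwise.
audit_laravel_perms() {
    findings=$(
        writable_outside "$1" | sed 's/^/WRITABLE-OUTSIDE /'
        executable_inside "$1" | sed 's/^/EXEC-IN-WRITABLE /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Usage: sh audit.sh /path-to-your-project
if [ "$#" -gt 0 ]; then
    audit_laravel_perms "$1"
fi
```

The script changes nothing on disk; it only lists paths, so it can be run before and after applying the chown/chmod/find commands to compare the results.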

oldgit's avatar

I have set folder permissions as described here (with user - bitnami and group - daemon on Lightsail) and all has been working well. Recently, I have set up a cron job which runs every minute and runs a script which outputs to the Laravel daily log.

Problem that I have is that, when the cronjob initially creates the day's log file, it takes ownership so the file has permissions as

-rw-r--r-- 1 daemon daemon 78 Sep 24 09:22 laravel-2025-09-24.log

With these permissions, it becomes unwritable by bitnami and crashes when other scripts attempt to enter a log item. I am reluctant to experiment too much for fear of breaking the installation.

When the log is initialised without the cron job, it appears as

-rwxrwxr-x 1 bitnami daemon 8806 Sep 22 22:50 laravel-2025-09-22.log

Can anyone point me at a thorough explanation of where I am going wrong?

ian_h's avatar

Assuming this is still an issue.... have you tried running the cronjob as the bitnami user? Something like:

10 * * * * bitnami /path/to/your/command

This should then create the log file and be owned by bitnami and prevent the issue.

Snapey's avatar

You can also edit crontab for a specific user

sudo crontab -e -u bitnami

but make sure the original crontab is removed.
