What's wrong with everything being owned by www-data?
How to avoid using sudo for newly created files and folders by www-data?
I've been using the following post for some time to avoid using sudo:
https://askubuntu.com/questions/46331/how-to-avoid-using-sudo-when-working-in-var-www
But now I am using the $file->store() method which creates folders and files under user www-data and group www-data, so I have to run these commands again:
sudo gpasswd -a "$USER" www-data
sudo chown -R "$USER":www-data /var/www
find /var/www -type f -exec chmod 0660 {} \;
sudo find /var/www -type d -exec chmod 2770 {} \;
These are the permissions given to the created folders and files when using the $file->store() method:
Folders:
drwx--S--- 2 www-data www-data
Files:
-rw-r--r-- 1 www-data www-data
In this case, how can I avoid using sudo?
@Snapey nothing wrong but right now my code creates folders and stores files and I can only access them using sudo su with my user
@Ligonsker add your user to the www-data group and if necessary chmod them so that the group can R and write them.
@Tray2 I was sure that the commands I did already added my user to the www-data group:
sudo gpasswd -a "$USER" www-data
sudo chown -R "$USER":www-data /var/www
find /var/www -type f -exec chmod 0660 {} \;
sudo find /var/www -type d -exec chmod 2770 {} \;
I am talking about the first 2 commands - so I think my user is already in the group, it's just that nginx creates the folders and files with permissions to read/write only to the owner and not other users in the group, so I have to redo these commands every time.
Or maybe I should just change the user for nginx process to my user instead of www-data? Or that's not a good idea (I think I need to do it both in the fpm config and in the nginx config)
@Ligonsker you can check your groups with groups
@Ligonsker You should not change any user or groups for nginx.
you can use -R when you chmod as well so you don't need to use the find /var/www...
You shouldn't change the owner of the file either, you should keep it as www-data:www-data
@Tray2 thanks, I added my user but still can't access the uploaded folder without sudo su (look at the permissions the PHP process creates the files with - I think that's not sufficient even for users in that group)
@Ligonsker Add yourself to the group with
sudo usermod -a -G www-data yourusername
@Ligonsker probably can't see groups you are not a member of
@Ligonsker you are using the group password command?
@Snapey Should I stop using it? I just saw it in this post: https://askubuntu.com/questions/46331/how-to-avoid-using-sudo-when-working-in-var-www
@Ligonsker chmod -R 664 /var/www for example
here's a fun fact. Check out the author of that askubuntu post, and the date !
@Snapey @sinnbeck Alright it is pretty old, but I don't know who is Lekensteyn ( Peter Wu ) 😅
So instead I used @sinnbeck's command sudo usermod -a -G www-data yourusername and restarted my machine. Now when I type groups I can see that my user is indeed in the www-data group.
However, I can still not access the uploads folder created by the $file->store() method.
I think that's because it creates them with drwx--S--- 2 www-data www-data (folders) and -rw-r--r-- 1 www-data www-data (the files) so even if I'm in the group, the users inside do not have permissions for that
@Ligonsker he edited it. look further right for the author
@Ligonsker -rw-r--r-- That means read write for the owner, read for the group and read for everyone else.
@Tray2 But the folder itself has drwx--S--- - doesn't it mean that it's only for the owner? So I can't even access the folder in the first place
@Ligonsker i have just started using sudo su www-data when I want to mess with the webserver's files
And it's not just uploads that are the issue, run an artisan command and you can end up with a log file owned by you and not www-data making it unwritable by the server, or cache files with the same issue
for crontab I always edit as www-data also so that crons don't run as me. sudo crontab -e -u www-data
@Snapey Haha yes it happens to me too, that's why I keep this post in my bookmarks to quickly get the commands (I always forget): https://stackoverflow.com/questions/23411520/how-to-fix-error-laravel-log-could-not-be-opened
sudo chown -R $USER:www-data storage
sudo chown -R $USER:www-data bootstrap/cache
chmod -R 775 storage
chmod -R 775 bootstrap/cache
But it's just that I'm currently working specifically on code that uploads and stores files, so I thought there could be some more convenient way than sudo suing every time
@Ligonsker That means rwx for only the owner yes.
@Tray2 So yea that's why I can't access the files when the PHP code stores these files :/
@Ligonsker I take it it's stored in your storage directory?
You can try to chmod that 664
@Tray2 Yes I did it before, but, as my code is used to create nested folders all the time per user, like:
/storage/uploads/a/b/c, then every time a folder is created, it's created with the same permissions that my user can't access, so I still have to do this command every time
@Ligonsker Well I guess you don't pass the permission as the second parameter when you create the directory.
Storage::makeDirectory('directory', 0664);
@Tray2 Oh, So maybe I should not use the $file->store() method and do it manually using the Storage facade?
I just checked, and added the permissions array to my disk according to the docs: https://laravel.com/docs/9.x/filesystem#local-files-and-visibility
'local' => [
    'driver' => 'local',
    'root' => storage_path('files'),
    'throw' => true,
    'permissions' => [
        'file' => [
            'public' => 0777,
            'private' => 0777,
        ],
        'dir' => [
            'public' => 0777,
            'private' => 0777,
        ],
    ],
],
I wasn't sure if store() uses public or private so I just set it for both, and now it worked! I can access the uploaded files.
Although I noticed something weird: I specified for this test 0777, yet the files and folders created have the following permissions:
Folders:
drwxr-sr-x 2 www-data www-data
Files:
-rw-r--r-- 1 www-data www-data
I don't think that's 0777? But that's enough to access it.
But maybe, I should replace the ->store() method all along, and use $path = Storage::putFile('avatars', $request->file('avatar'));, though I am not sure how to combine putFile with permissions.
I saw the setting permission is done when using the put method, not putFile
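The modes discussed in this thread can be reproduced without root: the added example below (not code from the thread) creates a directory and a file inside a setgid 2770 parent under two umasks and reports whether group members get read/write access. The temp directory, the function names and the 022/007 umask values are assumptions chosen for illustration; it assumes Linux and a `stat` that supports `-c %a`.

```shell
#!/bin/sh
# Added example: works only in a throwaway temp directory, never in /var/www.
# Assumes Linux semantics and a stat that supports `-c %a` (GNU or BusyBox).

# create_under_umask MASK
# Inside a setgid directory (mode 2770, the layout the thread's commands set up),
# create a subdirectory and a file under MASK; print "DIRMODE FILEMODE" in octal.
create_under_umask() {
    root=$(mktemp -d) || return 1
    mkdir "$root/uploads"
    chmod 2770 "$root/uploads"
    (
        umask "$1"
        mkdir "$root/uploads/a"          # mkdir asks for 0777; umask strips bits
        : > "$root/uploads/a/file.txt"   # file creation asks for 0666
    )
    printf '%s %s\n' "$(stat -c %a "$root/uploads/a")" \
        "$(stat -c %a "$root/uploads/a/file.txt")"
    rm -rf "$root"
}

# Extract the group / other digit from an octal mode string such as 2755.
group_digit() { m=${1%?}; printf '%s' "${m#"${m%?}"}"; }
other_digit() { printf '%s' "${1#"${1%?}"}"; }

# group_can_use DIRMODE FILEMODE
# True when a group member can enter and modify the directory (rwx = 7)
# and read and write the file (rw = 6 or 7).
group_can_use() {
    [ "$(group_digit "$1")" -eq 7 ] && [ "$(group_digit "$2")" -ge 6 ]
}

report() {  # report LABEL DIRMODE FILEMODE
    if group_can_use "$2" "$3"; then v="group read/write: yes"
    else v="group read/write: no"; fi
    echo "$1: dir $2, file $3, $v, other bits $(other_digit "$2")/$(other_digit "$3")"
}

# 2700/644 are the octal forms of the first listing in the question.
report "listing in the question (drwx--S---, -rw-r--r--)" 2700 644
for mask in 022 007; do
    set -- $(create_under_umask "$mask")
    report "created with umask $mask" "$1" "$2"
done
```

Under umask 022 the result is 2755/644, the same drwxr-sr-x and -rw-r--r-- as in the last listing above; under 007 it is 2770/660, which is group-writable with no access for other users.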