Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

Corbin's avatar

Log file permissions error on AWS elastic beanstalk with Laravel 6:

I got the following error when entering my site on a production server:

The stream or file "/var/app/current/storage/logs/laravel-2019-11-22.log" could not be opened: failed to open stream: Permission denied

I ran chmod -R 775 storage/logs/ and composer dump-autoload and I was able to get onto the home page of my site without any errors. After surfing around the site a bit more I was getting the same error in various areas and not in others:

php artisan cache:clear
php artisan config:clear
php artisan config:cache
php artisan optimize:clear
composer dump-autoload

Again same error

The stream or file "/var/app/current/storage/logs/laravel-2019-11-22.log" could not be opened: failed to open stream: Permission denied

I reran my migrations and now I can't access the home page with out the permissions error.

I deleted the following files and ran php artisan cahce:clear:

I then tried to change the owner on the files and set the permissions on the directory and files in the storage:

sudo chown $USER:apache ./storage -R

find ./storage -type d -exec chmod 775 {} \;

find ./storage -type f -exec chmod 664 {} \;

The log files permissions

drwxrwxr-x 2 ec2-user apache 4096 Nov 22 00:44 logs
-rw-rw-r-- 1 ec2-user apache 14544 Nov 22 22:53 laravel-2019-11-22.log

I'm lost. I don't know what is going on, or what to do.

Edit

I tried deleting the files in the logs. Still the same error.

0 likes
6 replies
claudsonm's avatar
claudsonm
6 years ago
Best Answer
Level 28

It happens ALL THE TIME, really annoying. Don't know what AWS image you are using, but the AWS AMI uses webapp as the web user, not apache or ec2-user as the file shows. In that case, the webapp user has no access rights over those files.

But even instructing AWS to give permissions to the files and folders to the correct user (using .ebextensions files), sometimes, for mysterious reasons, it creates things as the root user. I'm really thinking about put the ec2-user and webapp into the root group, because I don't know how to prevent things being created as root.

2 likes
Corbin's avatar

@claudsonm

AWS image

PHP 7.3 running on 64bit Amazon Linux/2.9.0

Is it always this hard dealing with AWS in general? I've had nothing but problems.

So do I just have to give webapp access 775 permissions to the storage/logs folder? Or do I have to create an .ebextensions file and some how tell AWS to give permissions to webapp? Is there anything in the docs or any StackOverflow threads about this?

Sorry, I'm just a little bit confused.

Corbin's avatar

Actually I just got it!

sudo chown $USER:webapp ./storage -R

find ./storage -type d -exec chmod 775 {} \;

find ./storage -type f -exec chmod 664 {} \;

If you think everything looks good I'll give you the best answer, since you pointed out that

AWS AMI uses webapp as the web user, not apache or ec2-user

Thank you so much!

claudsonm's avatar

Yeah, that's the way to go.

Things run smoothly most of the times. But sometimes a new deployment gets triggered and even with those commands inside the .ebextensions files things get created as root, and we are back to it.

But there is this repo (https://github.com/rennokki/laravel-aws-eb) with really great insights. It helped me to setup supervisor. Maybe it helps you too.

If someone knows how to tackle that, would be much appreciated.

MrMoto9000's avatar

I'm having this exact problem with an EB. I have no idea why the error log it's creating is owned by root. Pulling my hair out at the moment.

1 like
LiamSarsfield's avatar

I was having a very similar problem but with using EB with Docker. To fix this I added a new permissions.config file in .ebextensions

commands:
  command block:app
    command: |
      groupadd -g ${DOCKER_PERMISSIONS_ID} www
      useradd -u ${DOCKER_PERMISSIONS_ID} -ms /bin/bash -g www www
container_commands:
  changePermissions:
    command: chown -R www:www /var/app/staging

This adds a new group and user (with a same id) and assigns it where my project is extracted. "/var/app/staging" may be different for you if you're using a different stack (see https://aws.amazon.com/premiumsupport/knowledge-center/elastic-beanstalk-mount-efs-volumes-app/) The ${DOCKER_PERMISSIONS_ID} is coming from a variable in my .env file. This ID needs to be unique to other users in the instance(s) being deployed. ec2-user in Docker Amazon Linux 2 is 1000, so DOCKER_PERMISSIONS_ID cannot be 1000

If the EB stack you're using is also docker and you have a dockerfile using php-fpm with docker-compose, ensure the DOCKER_PERMISSIONS_ID is also the same ID for that image

Please or to participate in this conversation.