
amir5's avatar

How to manage permissions of laravel project files in server

I have a laravel project and I have problems when dealing with permissions.

First, after cloning the project in the user home directory and moving it to /var/www/projectname, I changed all permissions to the current user with sudo chown -R user:user . (to get git working), then storage and bootstrap/cache to www-data (what the docs say).

Then I run my script that runs a bunch of php artisan ... with the www-data user, and they work.

The problem is the composer install command. If I run it via the regular user it says it doesn't have permission to modify laravel.log (because it has www-data permission), and if I run it via the www-data user, it says failed to open stream vendor/installed.php (because it has regular user permission). The only way to run it is via sudo, which I don't want.

Tray2's avatar

If you are using Mac or Windows I recommend using Laravel Herd, and if you are using Linux https://herd.laravel.com/

They don't officially support Linux (as far as I know) but check this guide

https://medium.com/@emmaw4430/laravel-herd-for-linux-all-you-need-to-know-e0c680d8a400

Or try Valet for linux

https://github.com/cpriego/valet-linux

If you want to roll your own, I suggest this guide.

https://www.howtoforge.com/how-to-install-laravel-framework-with-nginx-on-ubuntu-22-04/

Tray2's avatar

@amir5 What are you deploying on, because it sounds like you are doing some odd things.

Snapey's avatar

This is roughly my process for a new install

ssh as my user

  • add my user to the www-data group / add www-data to my group
  • make directory for project, eg /var/www/projectname
  • change ownership for folder sudo chown mark:mark /var/www/projectname
  • git clone project into folder
  • change ownership of bootstrap and storage folders to www-data, group www-data
  • set all permissions sudo chmod -R 775 .
  • composer install

From memory, so hope is ok

I then have a build.sh file that runs future updates

#!/bin/bash
git pull
composer install
sudo php artisan migrate --force 
sudo php artisan queue:restart

When pushing a new version, I hop onto the server, cd to the project folder and run ./build.sh

amir5's avatar

@Snapey By mark in sudo chown mark:mark /var/www/projectname you mean the regular user?

amir5's avatar

@Snapey what is the purpose of sudo chmod -R 775 ., because it already works without using that, and why are you using sudo for php artisan?

Snapey's avatar

@amir5 mark is my username and group

Sorry, can't remember why sudo

Snapey's avatar

@amir5 It ensures that all folders have user and group write permission.

The only sensitive area is log files and cache. If you run a command as user that creates cache or log entries it can prevent the web server from creating log files or cache entries with the same key

amir5's avatar

@Snapey

> add my user to the www-data group / add www-data to my group

Are there any security consequences of doing that? If someone gets access to www-data, can't they do other things in user space?

amir5's avatar

@Snapey

https://serverfault.com/a/425729

You won't break anything, but you might cause a security issue, since anyone accessing the www-data account (php scripts, unpatched, hacked pages, etc.) will get read/write access to everything that the 'devs' group has.
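
As an added example (not part of the thread or any poster's script), this shell function lists the paths in a checkout that group or others can write to outside storage and bootstrap/cache, which is what a web server user sharing the deploy user's group could modify. The function names and the sample tree are made up for this example.

```shell
#!/bin/sh
# Added example: audit a Laravel checkout for paths that group or others can
# write to, outside the two directories the web server needs to write.
# Assumption: www-data reaches the tree through group or "other" mode bits,
# as in the shared-group setup discussed in the thread.

audit_writable() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    # Prune storage/ and bootstrap/cache/. Skip symlinks: their own mode
    # bits are always rwxrwxrwx on Linux and would be false positives.
    ( cd "$root" && find . \
        \( -path ./storage -o -path ./bootstrap/cache \) -prune -o \
        ! -type l \( -perm -020 -o -perm -002 \) -print ) | sort
}

count_writable() {
    audit_writable "$1" | wc -l | tr -d ' '
}

# Constructed sample tree: blanket 775, then tightened everywhere except
# vendor/, so vendor/ is the one finding left.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/app" "$t/public" "$t/vendor" \
             "$t/storage/logs" "$t/bootstrap/cache"
    : > "$t/app/User.php"; : > "$t/.env"; : > "$t/storage/logs/laravel.log"
    # Symlink like the one `php artisan storage:link` creates (target simplified)
    ln -s ../storage "$t/public/storage"
    chmod -R 775 "$t"
    chmod 755 "$t" "$t/app" "$t/public" "$t/bootstrap"
    chmod 644 "$t/app/User.php"; chmod 640 "$t/.env"
    echo "$t"
}

# Run with --demo to audit the constructed tree; otherwise only define functions.
if [ "${1:-}" = "--demo" ]; then
    tree=$(make_sample_tree) && audit_writable "$tree"
    rm -rf "$tree"
fi
```

Against a real checkout, run audit_writable /var/www/projectname; any path it prints can be modified by every member of the owning group.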

amir5's avatar

@Snapey I made www-data owner and group of node_modules, and vendor. So:

  • sudo mkdir /var/www/prj and sudo chown user:user /var/www/prj and clone into it
  • mkdir vendor and sudo chown www-data:www-data vendor
  • mkdir node_modules and sudo chown www-data:www-data node_modules
  • sudo chown www-data:www-data package-lock.json
  • sudo mkdir /var/www/.cache and sudo chown www-data:www-data /var/www/.cache (puppeteer chrome files) (repeating this step for /var/www/.config and /var/www/.npm)
  • sudo chown -R www-data:www-data storage
  • sudo chown -R www-data:www-data bootstrap/cache
  • sudo -u www-data composer install
  • php artisan migrate:fresh
  • .env
  • And then my deploy script:
#!/usr/bin/bash

# Most recent tag across all branches
latestTag=$(git describe --tags "$(git rev-list --tags --max-count=1)")

# Each step runs only if the previous one succeeded
sudo -u www-data php artisan down &&
    git checkout "$latestTag" &&
    sudo -u www-data npm i && npm run build &&
    sudo -u www-data composer install --no-dev --optimize-autoloader &&
    sudo -u www-data php artisan migrate --force &&
    sudo -u www-data php artisan optimize:clear &&
    # sudo -u www-data php artisan ... &&
    sudo -u www-data php artisan optimize &&
    sudo -u www-data php artisan up
