10

I got the following error when entering my site on a production server:

The stream or file "/var/app/current/storage/logs/laravel-2019-11-22.log" could not be opened: failed to open stream: Permission denied

I tried running the following commands and got Permisions denied in the terminal:

php artisan cache:clear
php artisan config:clear
php artisan config:cache
php artisan optimize:clear

I ran chmod -R 775 storage/logs/ and composer dump-autoload and I was able to get onto the home page of my site without any errors. After surfing around the site a bit more I was getting the same error in various areas and not in others:

Again same error

The stream or file "/var/app/current/storage/logs/laravel-2019-11-22.log" could not be opened: failed to open stream: Permission denied

I deleted the following files and ran php artisan cahce:clear:

/bootstrap/cache/packages.php
/bootstrap/cache/services.php
/bootstrap/cache/config.php.php

The only other advice I've seen is run:

sudo chmod -R 777 storage/*

Which seems like a bad idea on a production server, but seems to be upvoted answer. Should I just give my storage director 777 permissions and why? Is there another way of fixing this?

Edit:

I'm trying to do this as stated here:

// set current user as owner and the webserver user as the group
sudo chown -R $USER:www-data storage
sudo chown -R $USER:www-data bootstrap/cache
// set directory permission to be 775
chmod -R 775 storage
chmod -R 775 bootstrap/cache

but when I run sudo chown -R $USER:www-data storage I get this error:

chown: invalid group: ‘myusername:www-data’

Kyle Corbin Hurst
  • 917
  • 2
  • 10
  • 26
  • 2
    Give 775 permission to directory and 664 permission to files – Sagar Gautam Nov 22 '19 at 05:30
  • Ok so `chmod -R 775 storage/logs/`, can you give permissions to files that may not be created yet? I'm unsure how to do this? – Kyle Corbin Hurst Nov 22 '19 at 05:32
  • 1
    I am talking about permission of all files and folder in laravel, you can do it like this: `sudo find /path/to/your/laravel/root/directory -type f -exec chmod 664 {} \;` `sudo find /path/to/your/laravel/root/directory -type d -exec chmod 775 {} \;` – Sagar Gautam Nov 22 '19 at 05:34
  • In addition to the permissions you have to set the user:group owners of the directoriy, www-data is usually the apache user name on ubuntu. So, try with `sudo chown $USER:www-data ./storage -R` , or run `ps aux | egrep '(apache|httpd)'` to show what apache is running as, and change www-data for your server username. – porloscerros Ψ Nov 22 '19 at 05:49
  • @porloscerrosΨ just to be clear: I give all of my files a 664 permissions and all of directories 775 as @ Sagar Gautam said. Then I set the user owner of the directory? which I think is `ec2-user`. I already did `sudo chown -R ec2-user /var/app/current/` so didn't I already do this? – Kyle Corbin Hurst Nov 22 '19 at 05:59
  • the permissions are fine, but it was not necessary to apply them to the entire application directory, only to the `/storage` directory and `/bootstrap/cache`, anyway it can still work. But it must be the user of the server who can write there, so the owner of those directories could be that user. The trick of assigning the owner to your user and the group to the server user is so that both, you and the server, can write there. – porloscerros Ψ Nov 22 '19 at 06:11
  • 1
    These are the commands that I always use after installing a Laravel project and they work well. From the root directory of the application I run `sudo chown $USER:http ./storage -R` then `sudo chown $USER:http ./bootstrap/cache -R` then `find ./storage -type d -exec chmod 775 {} \;` then `find ./storage -type f -exec chmod 664 {} \;` and then `find ./bootstrap/cache -type d -exec chmod 775 {} \;` – porloscerros Ψ Nov 22 '19 at 06:15
  • I'm trying to run `sudo chown $USER:http ./storage -R` and getting `chown: invalid group: ‘ec2-user:http’` – Kyle Corbin Hurst Nov 22 '19 at 06:19
  • Just to be clear, `http` is the username of my server, but could be `www-data` or other depends of what server are you using, and how it is configured. What server do you have installed? – porloscerros Ψ Nov 22 '19 at 06:19
  • It says >64bit Amazon Linux/2.9.0 Would you like me to make an edit to my question showing the response of: `ps aux | egrep '(apache|httpd)'` ? – Kyle Corbin Hurst Nov 22 '19 at 06:27
  • Your server is probably apache or nginx, then see what the name of the user is in the first column. If none appears with that command, which is filtering the apache processes, run just `ps aux`, but don't post all your system users, look at something like this `nobody 27431 0.0 0.0 13232 1716 ? S 03:31 0:00 nginx: worker process` for nginx, or `http 27272 0.0 0.1 83168 8612 ? S 03:30 0:00 apache2` for apache, the username is the first column, probably `www-data`, `nobody`, `http` or `www` – porloscerros Ψ Nov 22 '19 at 06:47
  • Okay, I ran `ps aux`, I can see the users I have, I copied the output to my text editor and did a "find" on nginx and apache2 with no results. – Kyle Corbin Hurst Nov 22 '19 at 07:22
  • Okay, I ran `httpd -v` and it turns out I'm running `Apache/2.4.39 (Amazon)` I'm also running `sudo chown -R $USER:www-data storage` and getting `chown: invalid group: ‘emyusername:www-data’` – Kyle Corbin Hurst Nov 22 '19 at 09:12
  • [I think I found someone with a similar issue.](https://stackoverflow.com/questions/27611608/ec2-user-permissions) – Kyle Corbin Hurst Nov 22 '19 at 09:34
  • 2
    Sorry, I was late yesterday to continue the discussion. I checked the link you provided, and from what it says there, the server's username is `apache`, so you can try with `sudo chown $USER:apache ./storage -R`, then `find ./storage -type d -exec chmod 775 {} \;` and `find ./storage -type f -exec chmod 664 {} \;`. I don't know about that AWS service to say it with certainty, but in summary, you have to find what the username the server uses, and give it write permissions on `/storage` and `/bootstrap/cache` directories and sub-directories. – porloscerros Ψ Nov 22 '19 at 15:42
  • No worries buddy, I did what you said. It didn't work get rid of the error. The permissions on the log file seem fine and allow for any one to read: `-rw-rw-r-- 1 ec2-user apache 14544 Nov 22 22:53 laravel-2019-11-22.log` How would I find out what the servers name is? – Kyle Corbin Hurst Nov 22 '19 at 22:59

2 Answers2

9

Alright I got the answer:

AWS AMI uses webapp as the web user, not apache or ec2-user as the file shows. In that case, the webapp user has no access rights over those files.

sudo chown $USER:webapp ./storage -R

find ./storage -type d -exec chmod 775 {} \;

find ./storage -type f -exec chmod 664 {} \;
Kyle Corbin Hurst
  • 917
  • 2
  • 10
  • 26
  • 1
    running `ps aux` and seeing what users was runnig `php-fpm` and changing the user to that worked for me... for some reason the user was `www-data`. – Lemmings19 Feb 18 '21 at 09:51
6

Using the console, go to your synced folder (vagrant)

sudo chown -R $USER:www-data storage
chmod -R 775 storage
Computerz_man
  • 61
  • 1
  • 5