I'm new to Laravel and I find this framework awesome.
Artisan is also great but a have a little problem using it.
Let's say that I create a new Controller with Artisan like this
php artisan make:controller Test
There will be a new file in app/Http/Controllers named Test and the permission on this file will be root:root
When I want to edit this file with my editor over ftp I can't because I'm not logged as root.
Is there any ways to tell Artisan to create files with www-data group for example (without doing an chown command) ?
Since you have root shell access, the following command will execute another one using the www-data user-
sudo -u www-data php artisan make:controller Test
Replace www-data with whatever the username your web server operates under, or the username you login to the FTP service with.
When you do this, the controller will be owned by www-data, which is what you want.
Note: do not ever run commands copy-pasted from the internet without knowing exactly what they do, especially in a root shell.
In this case, the -u parameter tells sudo to execute the command as a specific user, not as the root user.
From the manpage:
-u user, --user=user
Run the command as a user other than the default target user (usually root ). The user may be
either a user name or a numeric user ID (UID) prefixed with the ‘#’ character (e.g. #0 for UID
0). When running commands as a UID, many shells require that the ‘#’ be escaped with a backslash
(‘\’). Some security policies may restrict UIDs to those listed in the password database. The
sudoers policy allows UIDs that are not in the password database as long as the targetpw option
is not set. Other security policies may not support this.
I know this is a really old post but I'd also really advise anyone agains editing your Laravel files over FTP. I used to do this in my pre-Laravel days and it NEVER ended well.
Editing over FTP can have all kinds of problems- dropping connection mid-edit being the least of them. Security and live development errors being a much larger concern.
Develop on your local or dev environment, commit/push to git, then either pipeline to your server or handle your FTP uploads and cleanup after the fact. Pipelines are your best bet if your host will allow them. We use Atlassian BitBucket for ours but the set-up and deployment should be relatively similar for most hosts. Check with your host for documentation on their pipeline set-up:
https://www.atlassian.com/continuous-delivery/tutorials/bitbucket-pipelines
There's also some tutorials online for pipelining straight to FTP (if on a shared host, say):
https://www.savjee.be/2016/06/Deploying-website-to-ftp-or-amazon-s3-with-BitBucket-Pipelines/
It is because you ran a command from root user, try to run the command from the user which you using for edit the project via ftp.
Related
I have created an EC2 instance with Amazon Linux 2 Image. Access to the instance is only allowed via Session Manager and not via SSH.
I have the following users:
ec2-user (Created by default)
ssm-user (Created by default)
root (Created by default)
myrootec2-user (My custom root user created by me from Terraform and with password assigned)
I have tried to disable the root user because I only want to be able to perform administrator actions with the user myrootec2-user.
To do so, I have carried out the following steps:
sudo vim /etc/passwd
And then, I have changed:
root:x:0:0:root:/root:/bin/bash
to
root:x:0:0:root:/root:/sbin/nologin
However, depending on the parameter I assign to the sudo command, I can access or not:
sudo su - # Error: This account is currently not available.
sudo -s # OK: Log in to the root user without errors
Why can I log in with the second command? Do you recommend disabling the root user or could I have problems in the future? What alternative would you recommend otherwise, e.g. assigning a password to root?
I have tried to disable the root user because I only want to be able to perform administrator actions with the user myrootec2-user.
You cannot "disable" the root user. You can disable password login and set the root shell to /sbin/nologin, but you'll still need to sudo to run administrative commands.
If you think you can get away without ever running administrative commands, well, that sounds like an interesting challenge. With the right approach to immutable infrastructure you might be able to do it. You would remove all users access to sudo in addition to your stuff, and root would be close to inaccessible at runtime (certain system processes would still use it).
But your system will still need a root user. It's critical to system functionality.
I've newly started to use Laradock to build my Laravel projects but I have a problem in editing the files such as Controllers, Models, etc which are made by the php artisan command in the Laradock workspace. The reason is the user in the workspace is a root and on the other side, I'm trying to edit the file in my editor by a common user. So every time I have to run the command chmod -R 777 /newCreatedFile.php to change the permission. So is there any solution to handle this problem?
By the way my OS is ubuntu 18.04
In the Laradock Getting Started guide, it explains how to get Laradock running as a specified user:
Note: You can add --user=laradock to have files created as your host’s user. Example:
docker-compose exec --user=laradock workspace bash
I believe this should solve your issue, as you will no longer have the Docker user running these commands. Try it out!
Note: The core issue may just be that whatever user Laradock is running as is not creating files with group permissions that allows the host machine's user write capabilities, hence why the --user flag can be used. It may not actually be running as the root user itself.
I am having a hard time trying to figure out the issue.
I am creating a Model using this Artisan command,
Artisan::call('make:model',['name' =>'Models\\'.$module.'\\'.$model_name]);
For whatever reasons,
1.there is a lock icon in the file
2.owner of the file is www-data
3.the permission for the file is 644 but when I create the Model from CLI the permission of the file is 757.
It all depends who runs the code, in this case web-server runs the code, thus Apache or NGINX is the owner of newly created file (same goes for uploads).
You can change this using
umask
change user/group of web-server
Best option is to use artisan as its meant to be used, from command line.
We moved a Laravel 5.6 Installation from a Windows to a UNIX Webserver. I manage my laravel over the CLI via Putty and develope from my Windows Machine using a Network Path.
I have a strange Problem and just cant find any solution for this, since im also new to Unix/Linux.
When i run a php artisan create command, it works all just fine. Laravel creates the Migration. But i cant edit the Files on my Windows Machine since i got no Permission.
On older Files that was previously generated on my Windows machine, the Right Window on Windows looks like this:
Anyone Read
www-data (Unix User\www-data) Read/Write
www-data (Unix Group\www-data) Read/Write
The rights on the freshly generated Artisan File looks like these. I already added my Unix User to the www-data group.
Anyone read
pm (Unix User\pm) read/write
www-data (Unix Group\www-data) read
I dont know, why the www-data Group dont have read/write Permissions on freshly generated Artisan Files.
I guess you need to change the umask of the user under which artisan is run.
So, go to the root home directory of that user (I guess /home/pm) edit the file ".bashrc" (or create it doesn't exist) and add this line:
umask 2
which is like "when this user create a new file or directory, make it readable and writable for him or users in his group, but only readable for other users"
More info about umask here: https://www.cyberciti.biz/tips/understanding-linux-unix-umask-value-usage.html
Based on a recommendation on stack overflow, i am giving yii framework a spin.
It appears that I am only able to gain shell access to my web server if I log in as root.
I am running through the tutorial, and am having a number of problems typical command to create a web app-
/usr/local/bin/php /home/testuser/public_html/yii/framework/yiic webapp /home/testuser/public_html/demo
Do I have to type /usr/local/bin/php EVERY TIME???
Do I have to type /home/testuser/public_html/yii/framework/yiic in full every time???
Do I have to yype /home/testuser/public_html/demo in full?
As I am logged in as ROOT, I have to chown every file / folder created by root to make the file viewable by testuser!!!
I create a new controller using yii. controller message helloWorld, yii does some funky stuff, but I can't do ANYTHING with the files without chown EVERYTHING!!!
I'm not too confident with SSH, and I know it's all a learning curve, but... having to change file permissions EVERY time, and having to type full directories every time is just a pain.
I know that there are some shortcuts that I will probably learn with time, but if anybody could give me some pointers to make my life about 1M times easier (considering my main objectives at present are to learn yii framework) linux/terminal/shell commands are currently secondary to my requirements.
Here's what I'd do, in this order:
1 - When you login as root issue the command su - testuser. This changes your effective user id and groupid to that of testuser, meaning, you now are operating as that user account. Your current directory should now be the testuser's home directory. To get back to root user just type exit.
2 - Try running php -v without the fullpath. If it prints out a version number then you don't have to use the fullpath to run php. If you get an error then you can add /usr/local/bin to your PATH environment variable in your .profile file which is present in testuser's home directory. If the .profile doesn't exist then you can create it.
3 - Add /home/testuser/public_html/yii/framework to your PATH in testuser's .profile.
After doing all that then the next time you login as root you would be able to do the following:
su - testuser
cd public_html
php yiic webapp demo
And you wont have to worry about permissions since you are creating directories/files as testuser, not root.
See also: StackOverflow question about modifying your PATH