Secure the Magento Filesystem
Setting permissions to 777 makes a directory readable, writable, and executable by every user on the system, which is not recommended: any local account, including a compromised web server process, can then modify Magento's code. Now that your Magento site is up and running, you should change the permissions to be more restrictive.
Typically, a good starting point for permissions in a Magento directory is:
- Directories: 755 (readable and executable by all, writable only by the owner)
- Files: 644 (readable by all, writable only by the owner)
You can set these permissions with the following commands:
sudo find /var/www/public_html -type d -exec chmod 755 {} \;
sudo find /var/www/public_html -type f -exec chmod 644 {} \;
However, there are a few directories that Magento needs to write to at runtime (caches and logs under var, uploaded media, and deployed static files). On Magento 2 the generated directory needs the same treatment, since compiled code is written there. For these directories, you can use:
sudo find /var/www/public_html/var -type d -exec chmod 770 {} \;
sudo find /var/www/public_html/pub/media -type d -exec chmod 770 {} \;
sudo find /var/www/public_html/pub/static -type d -exec chmod 770 {} \;
And for files in these directories:
sudo find /var/www/public_html/var -type f -exec chmod 660 {} \;
sudo find /var/www/public_html/pub/media -type f -exec chmod 660 {} \;
sudo find /var/www/public_html/pub/static -type f -exec chmod 660 {} \;
You should also make sure the files and directories have the right owner and group. Giving everything to the user the web server runs as (www-data on Debian-based systems) is common, but it undoes the point of the 755/644 modes above: as the owner, the web server can write to every file, so a compromised PHP process can rewrite Magento's code. The safer layout is a separate owner that you deploy and run bin/magento as (for example a dedicated magento account; the name is illustrative), with the web server's group on the files, so that the group-writable 770/660 directories above are the only places the web server can write:
sudo chown -R magento:www-data /var/www/public_html
Lastly, make sure that app/etc/env.php is not world-readable, as it contains the database credentials and the encryption key. With the owner/group split above, the owner keeps read and write access and the web server group gets read-only access:
sudo chmod 640 /var/www/public_html/app/etc/env.php
If the web server user owns the file instead, 600 is enough, since nothing else needs to read it.
Please remember to adjust the paths in the above commands if your Magento installation is in a different location.
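The whole procedure above as one script, added here as an example and not code from the original page or from Magento. It assumes the owner/group split (a deploy account as owner, the web server group as group) and defaults both to the current user so it can be tried on a scratch copy without root; it also covers the Magento 2 generated directory when present, and finishes with the check a practitioner would want after hardening: nothing world-writable, no code under app/code or vendor writable by the web server group, and env.php unreadable by others. The directory layout produced by make_sample_tree is constructed for the demo and is not a real installation.

```shell
#!/bin/sh
# Added example (not from the original page): apply the permission scheme above
# to a Magento docroot and then audit the result.
# Assumptions: POSIX find/chmod/chown plus GNU or BSD stat; OWNER/GROUP default to
# the current user and group (numeric) so it can be tried without root on a
# scratch copy. In production pass the deploy user and the web-server group, e.g.
#   harden_magento_fs /var/www/public_html magento www-data
set -u

# Octal mode of a path: GNU stat first, BSD stat as a fallback.
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Baseline 755/644, group-writable 770/660 for the runtime directories,
# ownership, and env.php readable only by owner and group.
harden_magento_fs() {
    dir=$1
    owner=${2:-$(id -u)}
    group=${3:-$(id -g)}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }

    # Owner = deploy account, group = web server: the web server can only write
    # where the group write bit is set further down.
    chown -R "$owner:$group" "$dir" || return 1

    find "$dir" -type d -exec chmod 755 {} +
    find "$dir" -type f -exec chmod 644 {} +

    # Runtime-writable trees; 'generated' exists on Magento 2 only, skipped if absent.
    for sub in var pub/media pub/static generated; do
        [ -d "$dir/$sub" ] || continue
        find "$dir/$sub" -type d -exec chmod 770 {} +
        find "$dir/$sub" -type f -exec chmod 660 {} +
    done

    # env.php holds DB credentials and the crypt key: owner rw, group r, others nothing.
    if [ -f "$dir/app/etc/env.php" ]; then
        chmod 640 "$dir/app/etc/env.php"
    fi
}

# Audit: world-writable paths anywhere, group-writable code under app/code or
# vendor, and an env.php readable by others. Findings go to stdout; returns 1 if any.
audit_magento_fs() {
    dir=$1
    rc=0

    found=$(find "$dir" -perm -002 -print)
    if [ -n "$found" ]; then
        printf 'world-writable:\n%s\n' "$found"
        rc=1
    fi

    for sub in app/code vendor; do
        [ -d "$dir/$sub" ] || continue
        found=$(find "$dir/$sub" -perm -020 -print)
        if [ -n "$found" ]; then
            printf 'code writable by the web-server group:\n%s\n' "$found"
            rc=1
        fi
    done

    envfile="$dir/app/etc/env.php"
    if [ -f "$envfile" ]; then
        mode=$(mode_of "$envfile")
        case $mode in
            *[1-7]) printf 'env.php readable by others (mode %s)\n' "$mode"; rc=1 ;;
        esac
    fi
    return $rc
}

# Constructed scratch tree with a Magento-like layout, left in the 777 state the
# section warns about. Prints its path; the caller removes it.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/app/etc" "$root/app/code/Acme/Demo" "$root/var/log" \
             "$root/pub/media/catalog" "$root/pub/static/frontend" "$root/vendor/magento"
    printf '<?php return [];\n' > "$root/app/etc/env.php"
    printf '<?php\n' > "$root/app/code/Acme/Demo/registration.php"
    printf '<?php\n' > "$root/vendor/magento/autoload.php"
    : > "$root/var/log/system.log"
    : > "$root/pub/media/catalog/image.jpg"
    : > "$root/pub/static/frontend/app.js"
    chmod -R 777 "$root"
    echo "$root"
}

# Demo run against the constructed tree: sh harden.sh --demo
if [ "${1:-}" = "--demo" ]; then
    tree=$(make_sample_tree)
    harden_magento_fs "$tree"
    audit_magento_fs "$tree" && echo "clean: $tree"
    rm -rf "$tree"
fi
```

Run the audit again after every deploy or setup:upgrade, since those steps recreate files under var, generated and pub/static and can reintroduce loose modes.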