framework: Folders created for a new file with public permissions are created with private permissions (the resulting file would not accessible publicly)

  • Laravel Version: 9.11
  • PHP Version: 8.1
  • Database Driver & Version: NA

Description:

If the user wants to store a new file (with public permissions) in the storage folder in a path that has folders that do not exist at the time of file creation. Then the folders will be created with private permissions and not public permissions like the file. This will render the file inaccessible.

Steps To Reproduce:

  • Make sure the permissions are stored correctly in flysystems.php for public folders 0755 and for private folders 0700
  • Go to tinker and paste this command to create a new file Storage::put('hello/world/helloworld.txt', 'hello', 'public'); or Storage::put('hello/world/helloworld.txt', 'hello');
  • Go to the folder /app/storage/app and view the permissions for folder hello

Expected Result:

  • The folders hello and world will have 0755 permission (public).

Actual Result:

  • The folders hello and world will have 0700 permission (private).

About this issue

  • Original URL
  • State: closed
  • Created 2 years ago
  • Comments: 15 (5 by maintainers)

Most upvoted comments

Actually, this is because Flysystem v3 is a bit stricter on directory permissions and has private visibility for directories by default. The files will also still be accessible. I tried that with setting the public storage link and put the directory and the file in the storage/app/public directory and I was able to access the file through the web. It doesn’t matter if the directory is private.

You can set a separate 'directory_visibility' => 'public', in your disk config if you want.

+6
driesvints on Jun 2, 2022

For anyone ending up here because of new folders being created with the 700 permission, this is how I’ve solved the issue for me:

$path = Storage::putFileAs(
    $main_folder . $folder, 
    $file, 
    $filename,
    [
        'visibility' => 'public',
        'directory_visibility' => 'public'
    ]
);
+5
serdarcevher on Nov 3, 2022

Same problem on Laravel 10. The problem is not visible in the dev instance, where Sail uses the same Docker container for PHP end Nginx. The problem arises on our staging/production instances, where Laradock uses several Docker containers: php-fpm and nginx. As far as I know they should be executed by the same user, I can’t explain why such problem arises.

The undocumented feature ‘directory_visibility’ in Storage::put() solves the problem for me (thanks @serdarcevher )

+3
vitomeuli on Mar 30, 2023

@Fossil01 Same bro,

“I can set [‘visibility’ => ‘public’, ‘directory_visibility’ => ‘public’] as the options that make it work. But this should be fixed or have some info added to the docs.”

This destroys the benefits of using disks having the default pre-sets in the disk config.

This is the exact issue I’ve been facing since 2022 as posted in the above comments. These directory permissions should work on the disk config level. There still no answer to this problem

+1
ARehmanMahi on Mar 11, 2024
Read more comments on GitHub
← framework: firstOrNew/firstOrCreate not working with json data type.
framework: [FormRequest] validated() method causes the validation to be called again. →