Many junior developers are quick to set the permissions on their project directory (a Laravel project, for example) to 777.
Mode 777 gives read, write and execute access to every user, so if you set your folder permissions to 777 you have opened your server to anyone who can find that directory.
We can fix that easily. Follow the next few steps.

There are basically two ways to set up ownership and permissions for your project directory: either you give yourself ownership, or you make the web server (Apache, for example) the owner of all files.

Web server as owner (the way most people do it for a Laravel directory)
We assume that www-data is your web server user, as it is for Apache (it could be something else for different web servers).

sudo chown -R www-data:www-data /path/to/your/laravel/root/directory

Or, if you are already inside that directory, run the following command:

sudo chown -R www-data:www-data .

If you do that, the web server is both the owner and the group of all the files, and you will have problems uploading files or working with them via FTP, because your FTP client logs in as you, not as the web server user (www-data). So add your user to the web server group.
Assuming that ubuntu is your current FTP user:

sudo usermod -a -G www-data ubuntu

Then set all your directories to 755 or 775 and your files to 644 or 664. Use 775 and 664 if your own user, as a member of the www-data group, needs to write to them. The next step sets these permissions.

For directories:

sudo find /path/to/your/laravel/root/directory -type d -exec chmod 775 {} \;

For files:

sudo find /path/to/your/laravel/root/directory -type f -exec chmod 664 {} \;

Now, you’re secure and your website works, AND you can work with the files fairly easily.
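
To verify the result, the following added example (not code from the original post) audits a tree for world-writable entries, modes outside the 775/664 scheme, and unexpected owners. The function names and the sample tree are assumptions made for illustration; on a real server, pass your project path and www-data instead.

```shell
#!/bin/sh
# Added example: audit a tree against the 775/664 scheme from this post.
# The tree built by make_sample_tree is constructed sample data.

# Directories and files with the "other" write bit set (777 and 666 both
# set it). Symlinks are skipped because they always report mode 777.
world_writable() {
    find "$1" \( -type d -o -type f \) -perm -0002 -print | sort
}

# Entries that deviate from the target modes:
# directories 775 (or stricter 755), files 664 (or stricter 644).
mode_deviations() {
    {
        find "$1" -type d ! -perm 775 ! -perm 755 -print
        find "$1" -type f ! -perm 664 ! -perm 644 -print
    } | sort
}

# Entries not owned by the expected user (name or numeric uid),
# for example www-data in the Apache setup described above.
wrong_owner() {
    find "$1" ! -user "$2" -print | sort
}

# Build a small project-like tree with a "chmod 777" mistake in it.
make_sample_tree() (
    root=$(mktemp -d) || exit 1
    mkdir -p "$root/storage/logs" "$root/public"
    touch "$root/public/index.php" "$root/storage/logs/laravel.log"
    find "$root" -type d -exec chmod 775 {} \;
    find "$root" -type f -exec chmod 664 {} \;
    chmod 777 "$root/storage"                    # world-writable directory
    chmod 666 "$root/storage/logs/laravel.log"   # world-writable file
    echo "$root"
)

# Demo run on the sample tree; the current uid stands in for www-data.
tree=$(make_sample_tree)
echo "World-writable:";  world_writable "$tree"
echo "Mode deviations:"; mode_deviations "$tree"
echo "Wrong owner:";     wrong_owner "$tree" "$(id -u)"
rm -rf "$tree"
```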

Stop using /phpmyadmin publicly.
We have to stop exposing it publicly; only localhost should be able to access it, wherever you are with your PC.

You can restrict who can access a given location (URL path) through your web server configuration. For example, if you use Apache on Ubuntu, edit /etc/phpmyadmin/apache.conf to include the Order, Deny and Allow directives (only the relevant part is shown). On Apache 2.4 these directives are provided by mod_access_compat; the native 2.4 form is Require ip 127.0.0.1.

sudo nano /etc/phpmyadmin/apache.conf

<Directory /usr/share/phpmyadmin>
    Options Indexes FollowSymLinks
    DirectoryIndex index.php

    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Directory>

Now phpmyadmin can no longer be accessed from the remote URL (http://YOURIPADDRESS/phpmyadmin), but we still want to reach it for tasks such as updating or viewing the database.

Below is a gist on how to access phpmyadmin when it is allowed only from localhost.

Allow phpmyadmin only from localhost

This can be accomplished by creating an SSH tunnel to the server using our SSH keys (.pem or .ppk).

Using .ppk

Add tunnel setting

Go to Connection->SSH->Tunnels in PuTTY (make sure you have a connection for your server configured with Auth using the ppk file).

Add Login Data

Go to Connection->Data

Add your username for the server. In my case, the SSH username for my Ubuntu server is ubuntu.

Now go back to Session and save the settings.

Now open http://127.0.0.1:8888/phpmyadmin/
You can now access the remote database locally through the tunnel.

Using .pem

Suggested by @thedijje

Navigate to the directory that contains your pem file and type the following command.

ssh -N -L 8888:127.0.0.1:80 -i keyfile.pem [email protected]

Example:

ssh -N -L 8888:127.0.0.1:80 -i .\server.pem [email protected]

Now open http://127.0.0.1:8888/phpmyadmin/
You can now access the remote database locally through the tunnel.

Note: make sure your pem file's permissions are set to 400.

🙂

Last modified: June 22, 2020

Comments

Sumit Kumar 

Thank you for sharing this.