tags:

views:

509

answers:

2
Q: 

How to override default permissions for files stored by Apache/PHP in /tmp?

I am on Linux, obviously. PHP scripts seem to be running under 'www-data' user. I can also see that uploaded files end up in the default /tmp directory, each with a name prepended by "php". All standard, I guess. The permissions of all these files is -rw------- i.e. 600, user 'www-data', group 'www-data'. The problem is that I have a PostgresQL database server running under user 'postgres' which needs to be able to read these files because it inserts their contents into a database. Currently it cannot, obviously. Of course, as a rule, database queries and functions operate under whoever user connects to the database (I connect as 'www-data' as well), but here we are talking about server side functions which HAVE to be invoked as 'postgres'. This is a PostgresQL limitation, for better or worse.

I do consider security in mind, but I think the world will not go under if I allow either postgres to read these files, or relax permissions of these files.

How do I control the permissions that these files are created with? Obviously PHP creates them itself, e.g. on POST file upload, but I cannot find any configuration switches. Also, my /tmp has permissions 'drwxrwxrwt' (777) and is owned by user 'root', group 'root'.

I tried to change the upload directory with 'php_value upload_tmp_dir ' but it has no effect, it seems - PHP still stores temporary files in /tmp.

I do NOT want to use with 'move_uploaded_file' or 'chmod', since they write to the filesystem, and I want to avoid that, other than the database server inserting record(s).

A: 

Change your script to chmod() the files after uploading?

grawity  2010-02-18 14:24:39
Yes, that would be an option. But I have edited my question, I forgot to state that I am trying to avoid making changes to the filesystem in the script, for performance and complexity reasons.
amn  2010-02-18 14:31:30
+2  A: 

You could try changing the umask settings for Apache in /etc/apache2/envvars

I haven't tried this, but with it added to my envvars file, it would look like this:

# envvars - default environment variables for apache2ctl

# Since there is no sane way to get the parsed apache2 config in scripts, some
# settings are defined via environment variables and then used in apache2ctl,
# /etc/init.d/apache2, /etc/logrotate.d/apache2, etc.
export APACHE_RUN_USER=www-data
export APACHE_RUN_GROUP=www-data
export APACHE_PID_FILE=/var/run/apache2.pid

## The locale used by some modules like mod_dav
export LANG=C
## Uncomment the following line to use the system default locale instead:
#. /etc/default/locale

export LANG

umask 022

As far as I know, this will make Apache create files with permission 644. rw-r--r--

Slokun  2010-02-18 14:49:04
You can also call the umask() from PHP.
nos  2010-02-18 15:02:27
As for Apache envvars, well, I don't want to override default permissions for all files apache creates, just for those created by PHP in upload directory (usually /tmp).P.S. umask() is not thread-safe.
amn  2010-02-18 19:53:27
Well, from the looks of it, you're only options are:1) umask() in PHP2) umask in envvars3) chmod() the file4) move_uploaded_file()I'd say that, of these choices, chmod is the best. You have to do something that will affect your filesystem, since there's no way to set a directory to have default permissions for everything in it.
Slokun  2010-02-18 21:25:38
Thanks. I guess 'umask' will do it.
amn  2010-02-21 16:15:03

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases