The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Permission of /tmp/ files

Discussion in 'General Discussion' started by GoWilkes, Dec 18, 2010.

  1. GoWilkes

    GoWilkes Well-Known Member

    Joined:
    Sep 26, 2006
    Messages:
    367
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Can you guys suggest a way to change the permission of the files created in /tmp/ via PHP sessions?

    I'm trying to access the session files from Perl, but PHP creates the files with permission 0600 by default (user "nobody"). The permission of the /tmp/ directory is set to 1777.

    FWIW, my site is the only one on the server, so there's no concern of other accounts accessing the files.
     
  2. ModServ

    ModServ Well-Known Member

    Joined:
    Oct 17, 2006
    Messages:
    332
    Likes Received:
    5
    Trophy Points:
    18
    Location:
    Egypt
    cPanel Access Level:
    Root Administrator
    Could you please provide the output of these two commands ?

    HTML:
    /usr/local/cpanel/bin/rebuild_phpconf --current
    
    HTML:
    umask
     
  3. GoWilkes

    GoWilkes Well-Known Member

    Joined:
    Sep 26, 2006
    Messages:
    367
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    rebuild_phpconf --current:

    Available handlers: dso cgi none
    DEFAULT PHP: 5
    PHP4 SAPI: none
    PHP5 SAPI: dso
    SUEXEC: enabled


    umask:
    0022

    That second "0" was a surprise; I expected it to just return 022.
     
  4. twhiting9275

    twhiting9275 Well-Known Member

    Joined:
    Sep 26, 2002
    Messages:
    538
    Likes Received:
    15
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Twitter:
    this is the expected reaction with /tmp/ files and files created by the user nobody.
    You don't want them world readable, you want them user readable. Why? You never know WHAT these files will contain. Some developers still put passwords (though maybe encrypted) into sessions, etc. You want these readable by as few people as possible.

    Assuming you have the perl script running as root, you can do a simple chmod
    Code:
    chmod a+r /tmp/*sess*
    
    in the script itself before you try to access the files maybe, then change permissions back
    Code:
    chmod o-r /tmp/*sess*
    
    This will only work though, if your script is run as root.

    Good luck, hope that helps at least a little bit!
     
  5. GoWilkes

    GoWilkes Well-Known Member

    Joined:
    Sep 26, 2006
    Messages:
    367
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    On my end, it looks like Perl is running as Group, so it doesn't have the ability to change the permission. Security isn't a major issue; I have a dedicated server with only one site on it (mine), so there's no concern of another account picking up data from the same directory.

    Would this work?

    session_start();

    $sess_file = "/tmp/sess_" . session_id();

    if (!$_SESSION['whatever']) {
    // Only change permission of new sessions
    if (is_file($sess_file)) {
    chmod($sess_file, 0644);

    chown($sess_file, "myaccount");
    chgrp($sess_file, "myaccount");
    }

    $_SESSION['whatever'] = "whatever";
    }


    In running this, changing the permission worked, but chown and chgrp gave an error that the "operation is not permitted".
     
  6. GoWilkes

    GoWilkes Well-Known Member

    Joined:
    Sep 26, 2006
    Messages:
    367
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    For my purposes, in order to share PHP sessions with Perl, it looks like I don't need to change the owner and group; all I needed was to change the permission. So, this worked fine:

    session_start();
    $sess_file = "/tmp/sess_" . session_id();

    if (!$_SESSION['whatever']) {
    if (is_file($sess_file)) chmod($sess_file, 0644);

    $_SESSION['whatever'] = "whatever";
    }


    I can then access it in Perl using PHP::Session.

    If anyone knows of a better way, please feel free to post it! Ideally, I would be able to modify PHP itself to create all files as 0644. But for now, this workaround seems to work.
     
Loading...

Share This Page