Usually the upload_tmp_dir is /tmp. This /tmp directory has some special rights (chmod 1777), where the really special right is the 1. This is the sticky bit. It means, for directories, that files created in this directory can only be deleted by the file owner, even if other rwx rights seem to apply to the file.
So having uploaded files stored in a temporary folder with 1777 rights, uploaded by the apache user, means only apache can delete these files. A good starting point.
You could use this right on your datingPhotoUploads directory. But you could also try to manage it with group ownership of the directory (chmod user2:apache; chmod 2770 datingPhotoUploads;). Here the 770 part of chmod means read, write and delete for the user and group owner of the chmod part. The 2 means every file created in this directory will have the same ownership as the directory, so user2:apache.
The main problems of upload_tmp_dir are:
- Is this apache-writeable directory reachable by the apache user? If you are not using /tmp but /some/where/datingPhotoUpload, apache must be able to read the directory content for /some and /some/where. So the x right must be set for others (or for the group if apache is the group owner) on all these preceding paths.
- Is this path available for all my PHP applications or only the running one? This is the main problem with /tmp: this directory is available for all PHP applications running on your host. Altering upload_tmp_dir on a per-application basis can restrict other applications' access, especially if you set open_basedir restrictions on all PHP applications and only the current application allows /some/where/datingPhotoUpload in the open_basedir setting.
- Is this directory big enough in size? Be careful with big uploads or mass uploads. What will happen when this directory is filled by a malicious user?
- Am I sure there is no way to execute any code in this directory? Uploading images containing PHP code in exif data is an example of code inclusion attacks. Are you sure this directory is outside the web server Directory root? Are you sure any special path targeting this directory would not allow PHP execution (remove PHP handlers on this Directory, maybe)?