29

I found strange behaviour concerning php and /tmp folder. Php uses another folder when it works with /tmp. Php 5.6.7, nginx, php-fpm.

I execute the same script in two ways: via browser and via shell. But when it is launched via browser, file is not in real /tmp folder:

<?php
$name = date("His");

echo "File /tmp/$name.txt\n";

shell_exec('echo "123" > /tmp/'.$name.'.txt');

var_dump(file_exists('/tmp/'.$name.'.txt'));

var_dump(shell_exec('cat /etc/*release | tail -n 1'));

php -f script.php

File /tmp/185617.txt
bool(true)
string(38) "CentOS Linux release 7.0.1406 (Core)

Where is the file? In /tmp

$ find / -name 185617.txt
/tmp/185617.txt

If access it via http://myserver.ru/script.php I get

File /tmp/185212.txt
bool(true)
string(38) "CentOS Linux release 7.0.1406 (Core)

But where is the file?

$ find / -name 185212.txt
/tmp/systemd-private-nABCDE/tmp/185212.txt

Why does php thinks that /tmp should be in /tmp/systemd-private-nABCDE/tmp?

shukshin.ivan
  • 11,075
  • 4
  • 53
  • 69

3 Answers3

40

Because systemd is configured to give nginx a private /tmp. If you must use the system /tmp instead for some reason then you will need to modify the .service file to read "PrivateTmp=no".

Ignacio Vazquez-Abrams
  • 776,304
  • 153
  • 1,341
  • 1,358
  • 9
    You are right, but that's `php-fpm`, not `nginx`. I changed file `/usr/lib/systemd/system/php-fpm.service` line `PrivateTmp=true` into `PrivateTmp=false`. Now php uses correct `/tmp` folder. – shukshin.ivan May 25 '15 at 20:43
  • 1
    wow this is brilliant. right what we were searching since 2 days :) – Milan Maharjan Mar 02 '16 at 12:01
  • Do consider the security implications of this change. `/tmp` may contain sensitive information and all php-scripts can suddenly access that information. – Gerben Sep 06 '18 at 18:28
  • What if your system does not have the system sub folder? might it be somewhere else? – Scott Sep 07 '18 at 13:36
  • 1
    @Scott `find / -type f -name 'php-fpm.service'`. You'll need to run that as sudo/root most likely but it will recursively located any file starting from the root (/) directory that is named php-fpm.service. – domdambrogia May 23 '19 at 00:31
2

If you are running multiple sites on the server then I think you'll want to leave PrivateTmp=yes so that each site remains segregated even in it's use of temp files. Could be a security issue otherwise, I'd imagine.

Artis
  • 21
  • 2
0

Ignacio Vazquez-Abrams have the correct answer, but let me add my functional solution.

I've try "multi-user.target.wants" solution, it have worked but after restart, but at some point, PrivateTmp go back to true. Like my principal use of Apache2 is PHP, I finally edited php.ini and I've uncomment line sys_temp_dir.

By default system use temp dir assigned by function sys_get_temp_dir. Function sys_get_temp_dir will return "/tmp" but the truth is that your tmp files are storing at some path like /tmp/systemd-private-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX-apache2.service-YYYYYY//tmp/*. So, what work for me was:

Edit php.ini (path can change between PHP versions)

sudo nano /etc/php/7.2/cli/php.ini

Then uncomment sys_temp_dir line

; Directory where the temporary files should be placed.
; Defaults to the system default (see sys_get_temp_dir)
sys_temp_dir = "/tmp"
Benjamin
  • 558
  • 7
  • 15