PHP. Permissions of upload temp file under /tmp . How to configure

0
votes

In my PHP class i upload files and then scan them with antivirus. Uploaded files are stored in /tmp with names like /tmp/phpRANDOM (allas usually)

But when i pass this path to clamav server it returns "Access denied". For other files (not in /tmp) all works fine. The reason is that /tmp/php... files have permissions rw------ (read/write only by owner). but clamav works as different user from apache/php .

So, the question. How PHP decides which permissions to use for upload temp files? How i can configure this? maybe this is some umask configured on a user level? If i want to have rw--r--r-- permissions for files in /tmp folder , are there any reasons not doing this (security)?

1
phppermissionsclam
You can set the umask of the process writing the temporary files to grant access to the user group. Then you should add the clamav user to the user group those files are created under (probably something like www-data). That should solve the issue. - arkascha
A question however: why should one want to virus scan files on a linux based server? To protect MS-Windows client systems? Why? - arkascha
How to set umask? This process is php-fpm. Where is this configured? - Roman Gelembjuk
Either you set the general umask of the fpm patent process in it's startup script, or, better, use use php's umask function in you code where you need to. - arkascha

1 Answers

1
votes

I have found the solution. I just change permissions to files before posting them to clamav

It is like

$perm = fileperms($filepath) | 0644;
chmod($filepath, $perm);

And it works fine