如何覆盖 Apache/PHP 在 /tmp 中存储的文件的默认权限?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/2289225/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to override default permissions for files stored by Apache/PHP in /tmp?
提问by amn
I am on Linux, obviously. PHP scripts seem to be running under 'www-data' user. I can also see that uploaded files end up in the default /tmp directory, each with a name prepended by "php". All standard, I guess. The permissions of all these files is -rw------- i.e. 600, user 'www-data', group 'www-data'. The problem is that I have a PostgresQL database server running under user 'postgres' which needs to be able to read these files because it inserts their contents into a database. Currently it cannot, obviously. Of course, as a rule, database queries and functions operate under whoever user connects to the database (I connect as 'www-data' as well), but here we are talking about server side functions which HAVE to be invoked as 'postgres'. This is a PostgresQL limitation, for better or worse.
显然,我使用的是 Linux。PHP 脚本似乎在“www-data”用户下运行。我还可以看到上传的文件最终位于默认的 /tmp 目录中,每个目录的名称都以“php”开头。我猜都是标准的。所有这些文件的权限是-rw------- 即600,用户'www-data',组'www-data'。问题是我有一个在用户“postgres”下运行的 PostgresQL 数据库服务器,它需要能够读取这些文件,因为它将它们的内容插入到数据库中。目前它不能,显然。当然,作为一项规则,数据库查询和函数在任何用户连接到数据库的情况下运行(我也连接为“www-data”),但这里我们讨论的是必须作为“postgres”调用的服务器端函数. 这是一个 PostgresQL 限制,
I do consider security in mind, but I think the world will not go under if I allow either postgres to read these files, or relax permissions of these files.
我确实考虑了安全性,但我认为如果我允许 postgres 读取这些文件,或者放宽这些文件的权限,世界就不会崩溃。
How do I control the permissions that these files are created with? Obviously PHP creates them itself, e.g. on POST file upload, but I cannot find any configuration switches. Also, my /tmp has permissions 'drwxrwxrwt' (777) and is owned by user 'root', group 'root'.
如何控制创建这些文件的权限?显然 PHP 自己创建它们,例如在 POST 文件上传时,但我找不到任何配置开关。此外,我的 /tmp 具有权限“drwxrwxrwt”(777)并且归用户“root”、组“root”所有。
I tried to change the upload directory with 'php_value upload_tmp_dir ' but it has no effect, it seems - PHP still stores temporary files in /tmp.
我尝试使用 'php_value upload_tmp_dir ' 更改上传目录,但似乎没有效果 - PHP 仍将临时文件存储在 /tmp 中。
I do NOT want to use with 'move_uploaded_file' or 'chmod', since they write to the filesystem, and I want to avoid that, other than the database server inserting record(s).
我不想与 'move_uploaded_file' 或 'chmod' 一起使用,因为它们写入文件系统,我想避免这种情况,除了数据库服务器插入记录。
回答by Tarka
You could try changing the umask settings for Apache in /etc/apache2/envvars
您可以尝试在 /etc/apache2/envvars 中更改 Apache 的 umask 设置
I haven't tried this, but with it added to my envvars file, it would look like this:
我还没有尝试过这个,但是将它添加到我的 envvars 文件中,它看起来像这样:
# envvars - default environment variables for apache2ctl
# Since there is no sane way to get the parsed apache2 config in scripts, some
# settings are defined via environment variables and then used in apache2ctl,
# /etc/init.d/apache2, /etc/logrotate.d/apache2, etc.
export APACHE_RUN_USER=www-data
export APACHE_RUN_GROUP=www-data
export APACHE_PID_FILE=/var/run/apache2.pid
## The locale used by some modules like mod_dav
export LANG=C
## Uncomment the following line to use the system default locale instead:
#. /etc/default/locale
export LANG
umask 022
As far as I know, this will make Apache create files with permission 644. rw-r--r--
据我所知,这将使 Apache 创建具有权限 644 的文件。 rw-r--r--
