Why php can not see /tmp files

filesPHPsandboxsystemdtmp

i have simple test.php page:

<pre><?php system("ls -la /tmp"); ?></pre>

which always shows just: . and .. folders and nothing else in browser.

in the command line:

1) ls -la /tmp
2) sudo -u http ls -la /tmp
3) php test.php
4) sudo -u http php test.php

all this commands returns full list of directory files/subdirs.

What is the reason for this???

And problem is "/tmp" folder related because ls -lah /usr works OK.

i tested this on 4 comps (one of them was debian with php 5.0.6 and there php shows all files OK like i expected, other 3 comps has php7 and shows empty /tmp).

update:

even after adding http to sudoers file and running 'sudo ls /tmp', problem is the same on php versions >7.

but runing 'system("echo aaa > /tmp/aaa.txt; ls -la /tmp") shows . , .. , and aaa.txt file owned by http:http. So is this some new php restriction and how it is posible to interfere on /tmp files only.

update2:

but aaa.txt is not inside /tmp, and by running find /tmp -name aaa.txt, i see that it is inside /tmp/systemd-private-2cf1853410ad4ade980ec17e883771c3-httpd.service-lZ22gS/tmp/aaa.txt .

so finaly it is related to something called "systemd /tmp isolation"… that i need to learn about.

Changing true to false inside: /etc/systemd/system/multi-user.target.wants/httpd.service:

[Service]
PrivateTmp=false
...

solves my problem, but i am wondering is it possible to avoid this without changing service file.

Best Answer

I am running Ubuntu 18.04 and /usr/lib/systemd did not contain any services for http or apache2. However, I executed the following command:

sudo find / -mount -type f -exec grep -e "PrivateTmp" '{}' ';' -print

and found in /lib/systemd/apache2.service the PrivateTmp=true. Changing true to false and executing

systemctl daemon-restart
systemctl restart apache2

fixed the problem.

Related Solutions

Why is `systemd-tmpfiles –clean` not working

I have run into the same problem recently and found this question, so i am sharing my experience.

Actually systemd-tmpfiles has full support for recursive directory tree processing as you would expect (the other answer confused me enough to check the source code). The reason files was not deleted (in my case) was atime. systemd-tmpfiles checks ctime (except for directories), mtime and atime and all three (or two) of them must be old enough for the file (or directory) to be deleted.

Actually there may be other reasons, because systemd-tmpfiles has a lot of internal rules for skipping files. To find out why some files are not deleted, run systemd-tmpfiles as following:

env SYSTEMD_LOG_LEVEL=debug systemd-tmpfiles --clean

It will probably dump a lot of output into your console. Note that if you try to redirect stdout to e.g. a file, output disappears and is sent to systemd journal (so that it can be obtained via e.g. journalctl). In my case the output was also cut in the middle (or i just do not know how to use journalctl), so my solution was to temporarily increase history buffer in my terminal emulator.

Apache – How to a service with PrivateTmp=true access a unix socket in the /tmp directory (e.g. to submit Torque jobs from PHP running in Apache)

In 2013, trqauthd stopped using IP sockets and switched to a Unix domain socket in the server's home directory.

Later that same year, trqauthd switched from the home directory to /tmp.

As you can see, the only option that Adaptive Computing has given to you for altering /tmp/trqauthd-unix is to re-compile the programs from source, changing the --with-trqauthd-sock-dir build configuration option to denote somewhere other than /tmp. (/run/trqauthd perhaps?)

Best Answer

Related Solutions

Why is `systemd-tmpfiles –clean` not working

Apache – How to a service with PrivateTmp=true access a unix socket in the /tmp directory (e.g. to submit Torque jobs from PHP running in Apache)

Related Question