Edit report at https://bugs.php.net/bug.php?id=55060&edit=1
ID: 55060
Comment by: campolungo at libero dot it
Reported by: hotwine at excite dot it
Summary: upload_tmp_dir and permissions
Status: Open
Type: Bug
Package: Filesystem function related
Operating System: Windows Server 2008 R2
PHP Version: 5.3.6
Block user comment: N
Private report: N
New Comment:
I've looked around for hours to solve the same upload problem.
Thank you very much
Previous Comments:
------------------------------------------------------------------------
[2011-06-29 04:04:09] hotwine at excite dot it
Description:
------------
Hi,
I have a problem with the ini_set upload_tmp_dir. In my scenario it is ignored
and it's used the default value ("C:\Windows\Temp").
My configuration is the following:
OS: Windows Server 2008 R2 (with IIS 7.5)
php: 5.3.3 (also tried with 5.3.6). Both with fastCgi enabled (with
impersonating correctly enabled).
Main entries of the related php.ini
include_path = ".;C:\inetpub\wwwroot\MYSITE\"
upload_tmp_dir = "C:\inetpub\wwwroot\SESSION"
session.save_path = "C:\inetpub\wwwroot\SESSION"
doc_root = "C:\inetpub\wwwroot\MYSITE\"
open_basedir = "C:\inetpub\wwwroot\MYSITE\"
Permissions of the related IUSR user on the preceding folder:
Full control on "C:\inetpub\wwwroot\SESSION"
Read & Execute, List folder contents, Read on all the directory (including all
the content) "C:\inetpub\wwwroot\MYSITE"
Full control on "C:\inetpub\wwwroot\MYSITE\upload"
With the preceding configuration a warning occurs when I try to upload a file.
The warning is related to the operations performed before moving the file from
the temporary directory to the final directory.
PHP Warning: Unknown: open_basedir restriction in effect.
File(C:\Windows\TEMP\) is not within the allowed path(s):
(C:\inetpub\wwwroot\MYSITE\) in Unknown on line 0
PHP Warning: File upload error - unable to create a temporary file in Unknown
on line 0
Because the preceding warning, I concluded that the upload_tmp_dir entry was
not correctly received by the php engine.
The php documentation
(http://www.php.net/manual/en/ini.core.php#ini.upload-tmp-dir)
says that "If the directory specified here is not writable, PHP falls back to
the system default temporary directory."
But in my case the directory was writable.
Debugging the request with Process Monitor (a Russinovich software), I've found
that the php-cgi.exe doesn't perform any operation
with the IUSR user and the following path "C:\inetpub\wwwroot\SESSION". Only
the path "C:\inetpub\wwwroot" (the parent) was checked,
with ACCESS DENIED (rightly,because the IUSR user doesn't own any permission on
that directory).
So I tried to create a new folder within the "C:\inetpub\wwwroot\SESSION"
directory with name A (path "C:\inetpub\wwwroot\SESSION\A"),
in a manner that the parent of the A directory were accessible from the IUSR
user. And I've changed the ini upload_tmp_dir with the
value "C:\inetpub\wwwroot\SESSION\A"
With this configuration it works without any warning and the file has been
correctly sent:
Main entries of the related php.ini:
include_path = ".;C:\inetpub\wwwroot\MYSITE\"
upload_tmp_dir = "C:\inetpub\wwwroot\SESSION\A"
session.save_path = "C:\inetpub\wwwroot\SESSION"
doc_root = "C:\inetpub\wwwroot\MYSITE\"
open_basedir = "C:\inetpub\wwwroot\MYSITE\"
Permissions of the related IUSR user on the preceding folder:
Full control on "C:\inetpub\wwwroot\SESSION"
Read & Execute, List folder contents, Read on all the directory (including all
the content) "C:\inetpub\wwwroot\MYSITE"
Full control on "C:\inetpub\wwwroot\MYSITE\upload"
Then I've experienced that the necessary condition of a working upload_tmp_dir
is that two requirements are satisfied:
- the user IUSR owns the writable rights on the upload_tmp_dir directory
- the user IUSR owns the List folders content right on the parent of the
upload_tmp_dir directory
I think that it isn't the desirable behaviour. Anyone of us can confirm that?
Thanks.
------------------------------------------------------------------------
--
Edit this bug report at https://bugs.php.net/bug.php?id=55060&edit=1
