php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #55060 upload_tmp_dir and permissions
Submitted: 2011-06-29 04:04 UTC Modified: 2021-09-05 04:22 UTC
Votes:21
Avg. Score:4.3 ± 1.0
Reproduced:17 of 17 (100.0%)
Same Version:7 (41.2%)
Same OS:7 (41.2%)
From: hotwine at excite dot it Assigned: cmb (profile)
Status: No Feedback Package: Filesystem function related
PHP Version: 5.3.6 OS: Windows Server 2008 R2
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2011-06-29 04:04 UTC] hotwine at excite dot it
Description:
------------
Hi,


I have a problem with the ini_set upload_tmp_dir. In my scenario it is ignored and it's used the default value ("C:\Windows\Temp").
My configuration is the following:

OS: Windows Server 2008 R2 (with IIS 7.5)
php: 5.3.3 (also tried with 5.3.6). Both with fastCgi enabled (with impersonating correctly enabled).

Main entries of the related php.ini

include_path = ".;C:\inetpub\wwwroot\MYSITE\"
upload_tmp_dir = "C:\inetpub\wwwroot\SESSION"
session.save_path = "C:\inetpub\wwwroot\SESSION"
doc_root = "C:\inetpub\wwwroot\MYSITE\"
open_basedir = "C:\inetpub\wwwroot\MYSITE\"

Permissions of the related IUSR user on the preceding folder:

Full control on "C:\inetpub\wwwroot\SESSION"
Read & Execute, List folder contents, Read on all the directory (including all the content) "C:\inetpub\wwwroot\MYSITE"
Full control on "C:\inetpub\wwwroot\MYSITE\upload"

With the preceding configuration a warning occurs when I try to upload a file.
The warning is related to the operations performed before moving the file from the temporary directory to the final directory.

PHP Warning:  Unknown: open_basedir restriction in effect. File(C:\Windows\TEMP\) is not within the allowed path(s): (C:\inetpub\wwwroot\MYSITE\) in Unknown on line 0
PHP Warning:  File upload error - unable to create a temporary file in Unknown on line 0

Because the preceding warning, I concluded that the upload_tmp_dir entry was not correctly received by the php engine.
The php documentation (http://www.php.net/manual/en/ini.core.php#ini.upload-tmp-dir)
says that "If the directory specified here is not writable, PHP falls back to the system default temporary directory."
But in my case the directory was writable.

Debugging the request with Process Monitor (a Russinovich software), I've found that the php-cgi.exe doesn't perform any operation
with the IUSR user and the following path "C:\inetpub\wwwroot\SESSION". Only the path "C:\inetpub\wwwroot" (the parent) was checked,
with ACCESS DENIED (rightly,because the IUSR user doesn't own any permission on that directory).


So I tried to create a new folder within the "C:\inetpub\wwwroot\SESSION" directory with name A (path "C:\inetpub\wwwroot\SESSION\A"),
in a manner that the parent of the A directory were accessible from the IUSR user. And I've changed the ini upload_tmp_dir with the
value  "C:\inetpub\wwwroot\SESSION\A"




With this configuration it works without any warning and the file has been correctly sent:

Main entries of the related php.ini:

include_path = ".;C:\inetpub\wwwroot\MYSITE\"
upload_tmp_dir = "C:\inetpub\wwwroot\SESSION\A"
session.save_path = "C:\inetpub\wwwroot\SESSION"
doc_root = "C:\inetpub\wwwroot\MYSITE\"
open_basedir = "C:\inetpub\wwwroot\MYSITE\"

Permissions of the related IUSR user on the preceding folder:

Full control on "C:\inetpub\wwwroot\SESSION"
Read & Execute, List folder contents, Read on all the directory (including all the content) "C:\inetpub\wwwroot\MYSITE"
Full control on "C:\inetpub\wwwroot\MYSITE\upload"


Then I've experienced that the necessary condition of a working upload_tmp_dir is that two requirements are satisfied:
- the user IUSR owns the writable rights on the upload_tmp_dir directory
- the user IUSR owns the List folders content right on the parent of the upload_tmp_dir directory

I think that it isn't the desirable behaviour. Anyone of us can confirm that?


Thanks.


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-08-30 11:11 UTC] campolungo at libero dot it
I've looked around for hours to solve the same upload problem.

Thank you very much
 [2017-05-03 15:10 UTC] andreshm1 at gmail dot com
PHP is ignoring this because of one  setting on APPLICATION POOLS. 
It's not php-cgi nor php.ini.
go to the application pool of the website experiencing the issue:
1. right click 
2. select advanced settings
3. scroll to LOAD USER PROFILE and set it to FALSE.

that did the trick for me.
 [2021-08-26 15:40 UTC] cmb@php.net
-Status: Open +Status: Feedback -Assigned To: +Assigned To: cmb
 [2021-08-26 15:40 UTC] cmb@php.net
I cannot reproduce this.  Is it still an issue for you with any of
the actively supported PHP versions[1]?

[1] <https://www.php.net/supported-versions.php>
 [2021-09-05 04:22 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Tue Oct 26 03:03:35 2021 UTC