Bug 789587
| Summary: | upload_tmp_dir is not properly set | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Nicolas Mailhot <nicolas.mailhot> | ||||
| Component: | systemd | Assignee: | systemd-maint | ||||
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
| Severity: | unspecified | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | rawhide | CC: | dwalsh, fedora, johannbg, jorton, metherid, mschmidt, notting, plautrba, rpm, systemd-maint | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2012-02-14 18:44:37 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
|
Description
Nicolas Mailhot
2012-02-11 14:45:46 UTC
/var/lib/php/session is only for session. From http://php.net/upload-tmp-dir Should use /tmp, which have never cause any trouble. if I leave upload-tmp-dir unset or if I set it manually to tmp both squirelmail and roundcube fail at attaching documents to mails if I set it manually to /var/lib/php/session things work selinux is in permissive mode, sot that's not it (maybe some systemd cgroup stuff) anyway, something is seriously broken in the rawhide php world Sorry, but I cannot reproduce, using php 5.4.0RC7 under f16 Tested with various application which use "upload" feature - glpi 0.80.7 - phpMyAdmin 3.4.9 - roundcubemail 0.5.4 (from f16) - roundcubemail 0.7.1 (from rawhide) Here are my on-system versions: httpd-2.2.21-7.fc17.x86_64 httpd-tools-2.2.21-7.fc17.x86_64 php-5.4.0-0.3.RC7.fc17.x86_64 php-cli-5.4.0-0.3.RC7.fc17.x86_64 php-common-5.4.0-0.3.RC7.fc17.x86_64 php-mbstring-5.4.0-0.3.RC7.fc17.x86_64 php-mcrypt-5.4.0-0.3.RC7.fc17.x86_64 php-mysql-5.4.0-0.3.RC7.fc17.x86_64 php-pdo-5.4.0-0.3.RC7.fc17.x86_64 php-pear-1.9.4-4.fc17.noarch php-pear-Auth-SASL-1.0.6-2.fc17.noarch php-pear-DB-1.7.14-2.fc17.noarch php-pear-Mail-Mime-1.8.2-2.fc17.noarch php-pear-Mail-mimeDecode-1.5.5-3.fc17.noarch php-pear-MDB2-2.5.0-0.4.b3.fc17.noarch php-pear-MDB2-Driver-mysql-1.5.0-0.3.b3.fc17.noarch php-pear-MDB2-Driver-pgsql-1.5.0-0.3.b3.fc17.noarch php-pear-Net-IDNA2-0.1.1-4.fc17.noarch php-pear-Net-SMTP-1.6.1-2.fc17.noarch php-pear-Net-Socket-1.0.10-3.fc17.noarch php-pgsql-5.4.0-0.3.RC7.fc17.x86_64 php-xml-5.4.0-0.3.RC7.fc17.x86_64 roundcubemail-0.7.1-1.fc17.noarch squirrelmail-1.4.22-4.fc17.noarch systemd-42-1.fc17.x86_64 systemd-analyze-42-1.fc17.x86_64 systemd-gtk-42-1.fc17.x86_64 systemd-sysv-42-1.fc17.x86_64 # rpm -Va php* # # diff -u php.ini.rpmnew php.ini --- php.ini.rpmnew 2012-02-04 15:14:54.000000000 +0100 +++ php.ini 2012-02-12 14:27:14.117393651 +0100 @@ -669,7 +669,8 @@ ; Its value may be 0 to disable the limit. It is ignored if POST data reading ; is disabled through enable_post_data_reading. ; http://php.net/post-max-size -post_max_size = 8M +;post_max_size = 8M +post_max_size = 65M ; Automatically add files before PHP document. ; http://php.net/auto-prepend-file @@ -689,7 +690,7 @@ ; PHP's default character set is set to empty. ; http://php.net/default-charset -;default_charset = "UTF-8" +default_charset = "UTF-8" ; Always populate the $HTTP_RAW_POST_DATA variable. PHP's default behavior is ; to disable this feature. If post reading is disabled through @@ -794,10 +795,13 @@ ; specified). ; http://php.net/upload-tmp-dir ;upload_tmp_dir = +;upload_tmp_dir = "/tmp" +upload_tmp_dir = "/var/lib/php/session" ; Maximum allowed size for uploaded files. ; http://php.net/upload-max-filesize -upload_max_filesize = 2M +;upload_max_filesize = 2M +upload_max_filesize = 64M ; Maximum number of files that can be uploaded via a single request max_file_uploads = 20 @@ -898,8 +902,11 @@ [iconv] ;iconv.input_encoding = ISO-8859-1 +iconv.input_encoding = ISO-8859-15 ;iconv.internal_encoding = ISO-8859-1 +iconv.internal_encoding = UTF-8 ;iconv.output_encoding = ISO-8859-1 +iconv.output_encoding = UTF-8 [intl] ;intl.default_locale = httpd-2.2.21-7.fc17.x86_64 has PrivateTmp enabled in the init script, which is probably the trigger here. How are squirrel et al using /tmp such that this breaks? Old habits... for "init script" I mean "systemd service file" of course. For roundcubemail, the logged error is PHP Warning: File upload error - unable to create a temporary file in Unknown on line 0, referer: https://arekh.dyndns.org/roundcubemail/?_task=mail&_id=19437366954f3668e7ddbee&_action=compose IIRC squirrelmail's was similar Can you try a trivial PHP script which creates a file in /tmp and see whether it works? Or strace an httpd process doing that? Or e.g. the output of:
<pre><?php system("ls -lZd /tmp");
to see how /tmp looks from the httpd process?
(In reply to comment #8) > Can you try a trivial PHP script which creates a file in /tmp and see whether > it works? Or strace an httpd process doing that? Or e.g. the output of: > > <pre><?php system("ls -lZd /tmp"); > > to see how /tmp looks from the httpd process? drwxr-xr-t. root root system_u:object_r:tmp_t:s0 /tmp (In reply to comment #7) > IIRC squirrelmail's was similar PHP Warning: File upload error - unable to create a temporary file in Unknown on line 0, referer: https://arekh.dyndns.org/src/compose.php?mailbox=Bogues.redhat&startMessage=1 (In reply to comment #8) > strace an httpd process doing that > to see how /tmp looks from the httpd process? {}, 2, 10000) = 0 epoll_wait(11, {{EPOLLIN, {u32=912862704, u64=140201530306032}}}, 2, 10000) = 1 accept4(6, {sa_family=AF_INET6, sin6_port=htons(41964), inet_pton(AF_INET6, "::ffff:192.168.0.4", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28], SOCK_CLOEXEC) = 12 semop(622594, {{0, 1, SEM_UNDO}}, 1) = 0 getsockname(12, {sa_family=AF_INET6, sin6_port=htons(443), inet_pton(AF_INET6, "::ffff:192.168.0.4", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0 fcntl(12, F_GETFL) = 0x2 (flags O_RDWR) fcntl(12, F_SETFL, O_RDWR|O_NONBLOCK) = 0 brk(0) = 0x7f83366a9000 brk(0x7f83366ca000) = 0x7f83366ca000 read(12, "\26\3\0\0s\1\0\0o\3\0O9U\252\237\0353\267\275]\344\322\335\221\311\22[\251oL\231"..., 8000) = 120 semop(557056, {{0, -1, SEM_UNDO}}, 1) = 0 semop(557056, {{0, 1, SEM_UNDO}}, 1) = 0 writev(12, [{"\26\3\0\0Q\2\0\0M\3\0O9U\252\215\207\10o\306(T\313}#<\255\345\t\363\220\r"..., 1573}], 1) = 1573 poll([{fd=12, events=POLLIN}], 1, 120000) = 1 ([{fd=12, revents=POLLIN}]) read(12, "\26\3\0\2\4\20\0\2\0Y\342\27=d?\3/X1O\331\347\341\325\203\215\35Q\242F\314@"..., 8000) = 596 writev(12, [{"\24\3\0\0\1\1\26\3\0\0@\36\236\353\240\342\272\304\244\207\325\245n\237/\356J\221\345D\203\332"..., 75}], 1) = 75 semop(557056, {{0, -1, SEM_UNDO}}, 1) = 0 semop(557056, {{0, 1, SEM_UNDO}}, 1) = 0 poll([{fd=12, events=POLLIN}], 1, 120000) = 1 ([{fd=12, revents=POLLIN}]) read(12, "\27\3\0\0 K\273>\320\246{\310\264\242\302\334N\242\250Qo|+b\237\313G$\251*\226\275"..., 8000) = 554 stat("/usr/share/squirrelmail/src/test.php", {st_mode=S_IFREG|0644, st_size=35, ...}) = 0 rt_sigaction(SIGPROF, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGPROF, {0x7f832a86eac0, ~[ILL TRAP ABRT BUS FPE KILL SEGV CONT STOP TSTP TTIN TTOU SYS RTMIN RT_1], SA_RESTORER|SA_SIGINFO, 0x7f8333ec2fb0}, NULL, 8) = 0 rt_sigaction(SIGHUP, NULL, {0x7f83356d4320, [], SA_RESTORER|SA_INTERRUPT, 0x7f8333ec2fb0}, 8) = 0 rt_sigaction(SIGHUP, {0x7f832a86eac0, ~[ILL TRAP ABRT BUS FPE KILL SEGV CONT STOP TSTP TTIN TTOU SYS RTMIN RT_1], SA_RESTORER|SA_SIGINFO, 0x7f8333ec2fb0}, NULL, 8) = 0 rt_sigaction(SIGINT, NULL, {0x7f83356d3ad0, [], SA_RESTORER, 0x7f8333ec2fb0}, 8) = 0 rt_sigaction(SIGINT, {0x7f832a86eac0, ~[ILL TRAP ABRT BUS FPE KILL SEGV CONT STOP TSTP TTIN TTOU SYS RTMIN RT_1], SA_RESTORER|SA_SIGINFO, 0x7f8333ec2fb0}, NULL, 8) = 0 rt_sigaction(SIGQUIT, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGQUIT, {0x7f832a86eac0, ~[ILL TRAP ABRT BUS FPE KILL SEGV CONT STOP TSTP TTIN TTOU SYS RTMIN RT_1], SA_RESTORER|SA_SIGINFO, 0x7f8333ec2fb0}, NULL, 8) = 0 rt_sigaction(SIGTERM, NULL, {0x7f83356d4320, [], SA_RESTORER|SA_INTERRUPT, 0x7f8333ec2fb0}, 8) = 0 rt_sigaction(SIGTERM, {0x7f832a86eac0, ~[ILL TRAP ABRT BUS FPE KILL SEGV CONT STOP TSTP TTIN TTOU SYS RTMIN RT_1], SA_RESTORER|SA_SIGINFO, 0x7f8333ec2fb0}, NULL, 8) = 0 rt_sigaction(SIGUSR1, NULL, {0x7f83356d3d10, [], SA_RESTORER|SA_INTERRUPT, 0x7f8333ec2fb0}, 8) = 0 rt_sigaction(SIGUSR1, {0x7f832a86eac0, ~[ILL TRAP ABRT BUS FPE KILL SEGV CONT STOP TSTP TTIN TTOU SYS RTMIN RT_1], SA_RESTORER|SA_SIGINFO, 0x7f8333ec2fb0}, NULL, 8) = 0 rt_sigaction(SIGUSR2, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGUSR2, {0x7f832a86eac0, ~[ILL TRAP ABRT BUS FPE KILL SEGV CONT STOP TSTP TTIN TTOU SYS RTMIN RT_1], SA_RESTORER|SA_SIGINFO, 0x7f8333ec2fb0}, NULL, 8) = 0 setitimer(ITIMER_PROF, {it_interval={0, 0}, it_value={60, 0}}, NULL) = 0 rt_sigaction(SIGPROF, {0x7f832a86eac0, ~[ILL TRAP ABRT BUS FPE KILL SEGV CONT STOP TSTP TTIN TTOU SYS RTMIN RT_1], SA_RESTORER|SA_SIGINFO, 0x7f8333ec2fb0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [PROF], NULL, 8) = 0 getcwd("/", 4095) = 2 chdir("/usr/share/squirrelmail/src") = 0 setitimer(ITIMER_PROF, {it_interval={0, 0}, it_value={30, 0}}, NULL) = 0 lstat("/usr/share/squirrelmail/src/test.php", {st_mode=S_IFREG|0644, st_size=35, ...}) = 0 lstat("/usr/share/squirrelmail/src", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 lstat("/usr/share/squirrelmail", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 lstat("/usr/share", {st_mode=S_IFDIR|0755, st_size=12288, ...}) = 0 lstat("/usr", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 open("/usr/share/squirrelmail/src/test.php", O_RDONLY) = 13 fstat(13, {st_mode=S_IFREG|0644, st_size=35, ...}) = 0 fstat(13, {st_mode=S_IFREG|0644, st_size=35, ...}) = 0 fstat(13, {st_mode=S_IFREG|0644, st_size=35, ...}) = 0 mmap(NULL, 35, PROT_READ, MAP_SHARED, 13, 0) = 0x7f833568b000 munmap(0x7f833568b000, 35) = 0 close(13) = 0 pipe2([13, 14], O_CLOEXEC) = 0 clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f8335673b10) = 7982 close(14) = 0 fcntl(13, F_SETFD, 0) = 0 read(13, "drwxr-xr-t. root root system_u:o"..., 8192) = 60 read(13, "", 8192) = 0 close(13) = 0 wait4(7982, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 7982 --- {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7982, si_status=0, si_utime=0, si_stime=2} (Child exited) --- chdir("/") = 0 setitimer(ITIMER_PROF, {it_interval={0, 0}, it_value={0, 0}}, NULL) = 0 setitimer(ITIMER_PROF, {it_interval={0, 0}, it_value={0, 0}}, NULL) = 0 brk(0) = 0x7f83366ca000 brk(0x7f83366f5000) = 0x7f83366f5000 mmap(NULL, 135168, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8335495000 mmap(NULL, 135168, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8321fb0000 munmap(0x7f8321fb0000, 135168) = 0 munmap(0x7f8335495000, 135168) = 0 writev(12, [{"\27\3\0\1`\33m\206F\325U\364\334\364\240BPC`\364\240\223k?\335\201\252p\244\274\t\225"..., 516}], 1) = 516 write(9, "192.168.0.4 - - [13/Feb/2012:19:"..., 160) = 160 poll([{fd=12, events=POLLIN}], 1, 12000) = 0 (Timeout) writev(12, [{"\25\3\0\0 \367\344\334\311ju\357\273\17=\3000e\217\27ZC\177\233\312\335;\350\2038b\366"..., 37}], 1) = 37 shutdown(12, SHUT_WR) = -1 ENOTCONN (Transport endpoint is not connected) close(12) = 0 read(7, 0x7fff753931e7, 1) = -1 EAGAIN (Resource temporarily unavailable) close(11) = 0 munmap(0x7f8322a5d000, 2147992) = 0 munmap(0x7f8322850000, 2147360) = 0 munmap(0x7f8323537000, 2131224) = 0 munmap(0x7f8323322000, 2180240) = 0 munmap(0x7f83230e6000, 2342040) = 0 munmap(0x7f8322e6e000, 2587552) = 0 munmap(0x7f8322c6a000, 2109520) = 0 munmap(0x7f8323740000, 2143160) = 0 munmap(0x7f832394c000, 2126904) = 0 munmap(0x7f8323b54000, 2130640) = 0 munmap(0x7f8323d5d000, 2145488) = 0 munmap(0x7f8323f69000, 2356560) = 0 munmap(0x7f83241a9000, 2213616) = 0 munmap(0x7f8324669000, 2122880) = 0 munmap(0x7f83243c6000, 2761864) = 0 munmap(0x7f8324cf2000, 2131328) = 0 munmap(0x7f8324ac6000, 2275480) = 0 munmap(0x7f8324870000, 2448424) = 0 munmap(0x7f8324efb000, 2127016) = 0 munmap(0x7f8325103000, 2209936) = 0 munmap(0x7f832531f000, 2235176) = 0 munmap(0x7f8325f31000, 2147496) = 0 munmap(0x7f8325a59000, 5078648) = 0 munmap(0x7f8326579000, 2139016) = 0 munmap(0x7f8326347000, 2301920) = 0 munmap(0x7f832613e000, 2131944) = 0 munmap(0x7f8326ac0000, 2134560) = 0 munmap(0x7f8326cca000, 3938544) = 0 munmap(0x7f832708c000, 2269688) = 0 munmap(0x7f8327972000, 2163976) = 0 munmap(0x7f8327712000, 2489896) = 0 munmap(0x7f83274df000, 2302384) = 0 munmap(0x7f83272b7000, 2258560) = 0 munmap(0x7f8326784000, 3388384) = 0 munmap(0x7f83354b6000, 1052672) = 0 munmap(0x7f83355b7000, 266240) = 0 munmap(0x7f8327b83000, 323584) = 0 close(8) = 0 close(7) = 0 exit_group(0) = ? Created attachment 561629 [details] strace of squirrelmail trying to attach a file in a mail (In reply to comment #8) > Can you try a trivial PHP script which creates a file in /tmp and see whether > it works? Or strace an httpd process doing that? Thanks a lot Nicolas. systemd folks/Dan, after enabling PrivateTmp in the httpd service, the /tmp looks like this within httpd processes: drwxr-xr-t. root root system_u:object_r:tmp_t:s0 /tmp That is is rather broken, that directory needs to be chmod 777, surely. *** This bug has been marked as a duplicate of bug 790522 *** |