I'm on Linux, obviously. PHP scripts seem to run as the user "www-data". I also see that the downloaded files fall into the default directory /tmp, each of which has a name appended with "php". All standard, I think. Permissions for all of these files are: -rw------- i.e. 600, user 'www-data', group 'www-data'. The problem is that I have a PostgreSQL database server running under the postgres user, which should be able to read these files because it inserts their contents into the database. Obviously, this is currently not possible. Of course, as a rule, database queries and functions run as whoever connects to the database (I also connect as "www-data"), but here we are talking about server-side functions that should be called as "postgres". This is a limitation of PostgreSQL, for better or worse.
I believe that security is important, but I think that the world will not work if I allow either postgres to read these files or relax the permissions of these files.
How do I manage the permissions with which these files are created? Obviously, PHP creates them itself, e.g. when loading a POST file, but I cannot find any configuration switches. In addition, my /tmp has permissions of 'drwxrwxrwt' (777) and belongs to the user 'root', group 'root'.
I tried changing the upload directory with php_value upload_tmp_dir, but it has no effect; it seems that PHP still stores temporary files in /tmp.
I do NOT want to use 'move_uploaded_file' or 'chmod', since they write to the file system, and I want to avoid this, except for the database server(s) inserting the records.