M?rio Gamito wrote:> Hi,
>
> This is a bit of-topic, but since it has to do with /tmp permissions
> here it goes.
> Anyway, I'm sorry in advance for posting this.
>
> I have this PHP script (simplificated here), called delete_tmp.php
> that basically calls external commands:
>
> <?php
>
> $session_file = '/tmp/sess_89765'
>
> system(''rm -f' . ' ' . $session_file);
>
> ?>
>
> delete_tmp.php file is owned by gamito.users
>
> /tmp/sess_89765 file has permissions -rw------ and is owned by gamito.users
>
> My /tmp permissions are rwxrwxrwt and is owned by root.root
>
> I know that the the sticky bit only allows files to be deleted by
> their owners, the owner of the directory or by root.
>
> Never the less, i can switch to /tmp directory and delete sess_89765
> file as user gamito.
>
> If I run:
> $ php delete_tmp.php
>
> as root, it deletes sess_89765 file.
>
> But if I do the same has user gamito, it doesn't delete the file !!!
>
> Ideas ?
PHP, being run from the web interface, is run as whatever ID
Apache is run as. Apache is not user gamito. On a file with
-rw------ permission users in the group will not be allowed to
delete the file.
--
Linux Home Automation Neil Cherry ncherry at linuxha.com
http://www.linuxha.com/ Main site
http://linuxha.blogspot.com/ My HA Blog
Author of: Linux Smart Homes For Dummies