-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ehlo, first post here, so please bear with me :) I am using extended filesystem ACLs (ext4) for creating a shared work environment for several users (devs) and groups. Using PHP 5.5.9+dfsg-1ubuntu4.3 I have realised the following issue: Using fopen/fwrite/fclose the PHP interpreter does actually create a file which inherits the default extended ACLs from the parent directory. Using a simple PHP upload script I end up with files which do not get any extended ACL at all, which for me looks wrong. :) The issue is reproducable the same on apache/mod-php as well as nginx/php-fpm. My first (and only so far) lead here is that PHP seems to create the uploaded files first in a temporary directory and then moves them into the final place. As Linux "mv" command does not regard the target ACLs just moves the source ACLs in, I have set "upload_tmp_dir" to a directory where I have set the proper ACLs, tho still I end up with uploaded files with *no* extended ACLs set. I tried from a stackoverflow suggestion to "disable_functions = rename" in hope that the interpreter now uses cp/link/unlink instead of mv. No success. Now I am totally out of ideas, why this is happening and how to have a consistant behaviour between creating and uploading files. Especially I am in need for a generic configurable solution, as I am looking forward to host quite some php sites/CMSs (and am not willing/able to modify the code for all those varying code bases, especially regarding updates etc :) How to fix the - imho not quite correct - behaviour when uploading files to a server using PHP? kind regards, phaidros ps: I also found this, and have the feeling it might be related: https://bugs.php.net/bug.php?id=65057&edit=1 So the source for trouble might be in move_uploaded_file() ? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQGcBAEBAgAGBQJTzsOJAAoJEJhnRHRRn9SyUPYL/RQ1wkyF4Keon/V8wYV8E0z/ 0ZlybyZSsV6u3vmfVSD6C7aSYR6w6wy27XVcLvGOTCnkTBv/Byf05dgBw/GmeG6A 3TlsKLzGOs04+96Oec6QBk0YduFZxvihYoIPPGu5V7bh7M8upBQF7XrYPoaDHJk1 tgkZYzT1hsDHlOx+dJ4QxOKOdcoLgXsXC/005hyOrERrqAjc5W965aux3KSasGMr myjZTZw8z5mSyOlUiEegDmR0D2C5XBkZIpOmSyEQkFIncse170DaBMfF/xu2tX6u KAaaxApx0gjRkQ3FmoTSNkmn0m6lVZct+xGWV1Vo+c+lYy5JwjuUsZJ3JQaLUySl 5PXwBj3+lWfTTPwCjptZ/xXq9+lap2hiVDBLv0BUsQ9YWudcCMjxYrhQkPWfPUzb hPKS5t2bAiyBR5YuX8MRKv7MF6z7aqL4WwW7Ruf1p1SMaf41pjQ1+CKK1ONffJCX kcYoJUabnPhZhYrmMKatLoJ9DaEthnH/sFB5tTituw== =oVq8 -----END PGP SIGNATURE----- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
