Re: [PHP] Deleting file in /tmp directory



On Fri, Mar 28, 2008 at 11:24 AM, Mário Gamito <gamito@xxxxxxxxx> wrote:
Hi,

I have this PHP script (simplified here), called delete_tmp.php
that basically calls external commands:

<?php

$session_file = '/tmp/sess_89765'

system('rm -f' . ' ' . $session_file);

?>

That's extremely short for a session name. Should it be
/tmp/sess_89765* ? Or is that just an example? Since the ending
semicolon is missing, I'll presume it's just an example. ;-P

Also, here are two different ways of doing that:

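<?php
// Method 1
$session_file = '/tmp/sess_89765';

// escapeshellarg() keeps the path a single, literal argument to rm
exec('rm '.escapeshellarg($session_file).' 2>&1',$ret,$err);

// $err holds rm's exit status; non-zero means the delete failed
if($err != 0) {
    print_r($ret);
}
?>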

<?php
// Method 2
$session_file = '/tmp/sess_89765';

if(file_exists($session_file) && is_file($session_file) && is_writeable($session_file)) {
    unlink($session_file);
} else {
    echo "No file named ".$session_file."\n";
}

?>


delete_tmp.php file is owned by gamito.users

/tmp/sess_89765 file has permissions -rw------ and is owned by gamito.users

My /tmp permissions are rwxrwxrwt and it is owned by root.root

I know that the sticky bit only allows files to be deleted by
their owners, the owner of the directory or by root.

Nevertheless, I can switch to /tmp directory and delete sess_89765
file as user gamito.

If I run:
$ php delete_tmp.php

as root, it deletes sess_89765 file.

But if I do the same as user gamito, it doesn't delete the file !!!

Ideas ?

Any help would be appreciated.

Warm Regards,
Mário Gamito

--
</Daniel P. Brown>
Forensic Services, Senior Unix Engineer
1+ (570-) 362-0283
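
The sticky-bit rule quoted in the question can be checked from PHP before deleting, which shows which user the script is really running as and why a delete would be refused. This is an added example, not code from the thread; can_delete() and the sample path are hypothetical, and it assumes the posix extension is loaded.

```php
<?php
// Added example (not from the thread): report whether the current process
// may delete $path under sticky-bit rules, then delete it without a shell.

function can_delete(string $path, ?string &$why = null): bool
{
    $file = @lstat($path);            // lstat: do not follow symlinks in /tmp
    $dir  = @stat(dirname($path));
    if ($file === false || $dir === false) {
        $why = 'file or parent directory not found';
        return false;
    }

    $euid = posix_geteuid();          // the user PHP is actually running as
    if ($euid === 0) {
        return true;                  // root is not subject to the checks below
    }

    // Deleting needs write permission on the directory, not on the file.
    if (!is_writable(dirname($path))) {
        $why = "euid $euid cannot write to " . dirname($path);
        return false;
    }

    // Sticky bit (01000): only the file owner or the directory owner may delete.
    $sticky = ($dir['mode'] & 01000) !== 0;
    if ($sticky && $euid !== $file['uid'] && $euid !== $dir['uid']) {
        $why = sprintf(
            'sticky directory: euid %d owns neither the file (uid %d) nor the directory (uid %d)',
            $euid, $file['uid'], $dir['uid']
        );
        return false;
    }
    return true;
}

$session_file = $argv[1] ?? '/tmp/sess_example';   // constructed sample path

if (!can_delete($session_file, $why)) {
    fwrite(STDERR, "cannot delete $session_file: $why\n");
    exit(1);
}
if (!unlink($session_file)) {         // unlink() removes a symlink itself, never its target
    fwrite(STDERR, 'unlink failed: ' . (error_get_last()['message'] ?? 'unknown') . "\n");
    exit(1);
}
echo "deleted $session_file\n";
```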