共享主机环境中的 sys_get_temp_dir [英] sys_get_temp_dir in shared hosting environment

问题描述

注意:这也适合超级用户.

我正在使用 apache2 mpm itk 和 open_basedir 的共享主机上设置 PHP 5.3.10，每个用户可能看不到或更改另一个用户的文件.在 apache2 vhost 设置中，我添加了适当的条目来限制用户:

I am setting up PHP 5.3.10 on a shared host with apache2 mpm itk and open_basedir in a way, that each user may not see or change the files of another user. In the apache2 vhost settings, I add the appropriate entries to restrict the user:

    AssignUserId     userA userA
    php_admin_value  open_basedir      /home/userA/www/
    php_admin_value  upload_tmp_dir    /home/userA/www/tmp/
    php_admin_value  session.save_path /home/userA/www/tmp/
    SetEnv           TMPDIR            /home/userA/www/tmp/

现在，第一行设置用于 apache2 的 linux 用户，接下来的三行将 basedir、上传目录和会话保存路径定义在用户目录中.我稍后会回到最后一行.

Now, the first line sets the linux user to use for apache2, the next three lines define the basedir, upload directory and session savepath to be in the user directory. I'll get back to the last line in a sec.

现在问题来了:sys_get_temp_dir() 应该返回 php 的临时目录，/tmp 是 Linux 系统上的默认目录.出于安全原因，此目录应位于 userA 的 open_basedir 中.根据5.3.10的php-source，sys_get_temp_dir()-function使用环境变量TMPDIR来获取这个目录:

Now for the problem: sys_get_temp_dir() should give back the temporary directory for php, which is /tmp be default on a linux system. For security reasons, this directory should reside in the open_basedir of userA. According to the php-source of 5.3.10, the sys_get_temp_dir()-function uses the environment variable TMPDIR to get this directory:

     // php-src/main/php_open_temporary_file.c:217-219
     /* On Unix use the (usual) TMPDIR environment variable. */
     {
             char* s = getenv("TMPDIR");

这是上面配置中的第五行应该做的.但是，sys_get_temp_dir() 只是返回全局系统目录，忽略环境变量(在 $_SERVER 中完美设置，也可以通过 phpinfo() 查看).

This is what the fifth line in the configuration above should do. However, sys_get_temp_dir() simply returns the global system directory, ignoring the environmental variable (which is perfectly set in $_SERVER, also viewable via phpinfo()).

这会导致依赖 sys_get_temp_dir() 的各种软件出现一些令人讨厌的错误，因为该目录在 open_basedir 设置之外.我试图将变量直接设置为 $_ENV 和 $_SERVER 而不改变行为.我试过 putenv('TMPDIR=/home/userA/www/tmp') 没有改变.

This results in some nasty bugs with various software relying on sys_get_temp_dir(), as that directory is outside of the open_basedir setting. I've tried to set the variable directly into $_ENV and $_SERVER without a change in behaviour. I've tried a putenv('TMPDIR=/home/userA/www/tmp') without change.

但是，我可以通过将变量定义为/etc/apache2/envvars 来更改输出 - 这对我来说没用，因为我希望每个 VHOST 都有自己的临时文件夹.

However, I am able to change the output by defining the variable into /etc/apache2/envvars - which is useless for me, as I want each VHOST to have its own temporary folder.

到目前为止，我找到的唯一解决方案是通过像 runkit 并通过 auto_prepend_file.但是那个解决方案太脏了，我简直不敢相信，没有更好的解决方案.

The only solution I have found so far is overwriting the internal sys_get_temp_dir() through an extension like runkit and enforcing its inclusion via auto_prepend_file. But that solution is so dirty, I simply can't believe, that there is no better solution around.

那么，我的问题是:有没有办法改变 sys_get_temp_dir() 在 apache2 vhost 设置中设置的结果，而无需使用 runkit 重新实现该功能?

So, my question: Is there any way to change the result of sys_get_temp_dir() to be set in an apache2 vhost setting, without reimplementing the function with runkit?

apache 版本是 2.2.22，我目前使用的是 mod_php.由于我必须手动添加所有用户，因此也可以使用 fcgi 或类似设置.

The apache version is 2.2.22, and I currently use mod_php. As I will have to add all users manually, an fcgi or similar setup would also be possible.

推荐答案

Running a putenv('TMPDIR=/foo/bar') inside PHP 似乎可以影响 sys_get_temp_dir() 的结果.您可以安排一个 auto_prepend_file 指令来运行一段 PHP 来设置 TMPDIR 并避免与 sys_get_temp_dir() 的重新定义混淆.

Running a putenv('TMPDIR=/foo/bar') inside PHP seems to be able to affect the result of sys_get_temp_dir(). You could have an auto_prepend_file directive arranged to run a piece of PHP to set up the TMPDIR and avoid messing with a redefinition of sys_get_temp_dir().

此外，您可以轻松地使用 putenv('TMPDIR='.ini_get('open_basedir').'/tmp') 将临时目录设置为您在问题中列出的目录结构.

Also, you could easily use putenv('TMPDIR='.ini_get('open_basedir').'/tmp') to set the temporary directory to the directory structure you laid out in the question.

有趣的是，事实证明这也有效(假设您在 Apache 配置中保留了 SetEnv TMPDIR/foo/bar):

Funny enough, this turns out to also work (given that you keep the SetEnv TMPDIR /foo/bar in your Apache configuration):

putenv('TMPDIR='.getenv('TMPDIR'));

看似无操作，但实际上确实对sys_get_temp_dir()有影响.我开始怀疑这一定是 PHP 中的一些环境处理错误.

Seems like a no-op, but actually does have effect on sys_get_temp_dir(). I'm starting to suspect this has to be some environment-handling bug in PHP.

这篇关于共享主机环境中的 sys_get_temp_dir的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！