Assuming HTML: <form id="myForm"> ... You can do this with…

Question

0

Asked: May 13, 20262026-05-13T21:15:10+00:00 2026-05-13T21:15:10+00:00

I am on Linux, obviously. PHP scripts seem to be running under ‘www-data’ user.

0

I am on Linux, obviously. PHP scripts seem to be running under ‘www-data’ user. I can also see that uploaded files end up in the default /tmp directory, each with a name prepended by “php”. All standard, I guess. The permissions of all these files is -rw——- i.e. 600, user ‘www-data’, group ‘www-data’. The problem is that I have a PostgresQL database server running under user ‘postgres’ which needs to be able to read these files because it inserts their contents into a database. Currently it cannot, obviously. Of course, as a rule, database queries and functions operate under whoever user connects to the database (I connect as ‘www-data’ as well), but here we are talking about server side functions which HAVE to be invoked as ‘postgres’. This is a PostgresQL limitation, for better or worse.

I do consider security in mind, but I think the world will not go under if I allow either postgres to read these files, or relax permissions of these files.

How do I control the permissions that these files are created with? Obviously PHP creates them itself, e.g. on POST file upload, but I cannot find any configuration switches. Also, my /tmp has permissions ‘drwxrwxrwt’ (777) and is owned by user ‘root’, group ‘root’.

I tried to change the upload directory with ‘php_value upload_tmp_dir ‘ but it has no effect, it seems – PHP still stores temporary files in /tmp.

I do NOT want to use with ‘move_uploaded_file’ or ‘chmod’, since they write to the filesystem, and I want to avoid that, other than the database server inserting record(s).

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-13T21:15:10+00:00

You could try changing the umask settings for Apache in /etc/apache2/envvars

I haven’t tried this, but with it added to my envvars file, it would look like this:

# envvars - default environment variables for apache2ctl

# Since there is no sane way to get the parsed apache2 config in scripts, some
# settings are defined via environment variables and then used in apache2ctl,
# /etc/init.d/apache2, /etc/logrotate.d/apache2, etc.
export APACHE_RUN_USER=www-data
export APACHE_RUN_GROUP=www-data
export APACHE_PID_FILE=/var/run/apache2.pid

## The locale used by some modules like mod_dav
export LANG=C
## Uncomment the following line to use the system default locale instead:
#. /etc/default/locale

export LANG

umask 022

As far as I know, this will make Apache create files with permission 644. rw-r–r–

How to approach applying for a job at a company ...

What is a programmer’s life like?

How to handle personal stress caused by utterly incompetent and ...

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions