
In my PHP class I upload files and then scan them with antivirus. Uploaded files are stored in /tmp with names like /tmp/phpRANDOM (all as usual).

But when I pass this path to the clamav server it returns "Access denied". For other files (not in /tmp) all works fine. The reason is that /tmp/php... files have permissions rw------- (read/write only by owner), but clamav runs as a different user from apache/php.

So, the question. How does PHP decide which permissions to use for upload temp files? How can I configure this? Maybe this is some umask configured at the user level? If I want to have rw-r--r-- permissions for files in the /tmp folder, are there any reasons not to do this (security)?

Roman Gelembjuk
  • You can set the `umask` of the process writing the temporary files to grant access to the user group. Then you should add the clamav user to the user group those files are created under (probably something like `www-data`). That should solve the issue. – arkascha May 30 '18 at 14:45
  • A question however: why should one want to virus scan files on a Linux-based server? To protect MS-Windows client systems? _Why?_ – arkascha May 30 '18 at 14:46
  • How to set umask? This process is php-fpm. Where is this configured? – Roman Gelembjuk May 31 '18 at 04:27
  • Either you set the general umask of the fpm parent process in its startup script, or, better, use PHP's umask function in your code where you need to. – arkascha May 31 '18 at 04:29

1 Answer


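I have found the solution. I just change the permissions of the files before posting them to clamav.

It is like this:

```php
// Add owner read/write plus group/other read to the file's current mode,
// so the clamav user can read the temporary upload.
$perm = fileperms($filepath) | 0644;
chmod($filepath, $perm);
```

And it works fine.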

Roman Gelembjuk
  • Not sure why this is downvoted. This is a good solution. `chmod('/tmp/uploadedfile', 0644)`, if the clamav check fails `@unlink('/tmp/uploadedfile');` or `move_uploaded_file('/tmp/uploadedfile', '/new/path/uploadedfile');` – Ruben Benjamin Aug 05 '19 at 18:09
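
A narrower variant of the answer's `chmod`, combined with the group suggestion from the comments: it adds only the group-read bit, so the file does not become readable by every local user while it sits in /tmp. This is an added example, not code from the original post; `grantGroupRead`, `scanThenStore` and the `$scan` callable are hypothetical names, and it assumes the clamav user is a member of the group that owns the upload temp files.

```php
<?php
declare(strict_types=1);

// Added example, not code from the original post.
// Assumption: the clamav user is a member of the group that owns PHP's upload
// temp files (for example www-data), as suggested in the comments.

/** Add group read only (0600 becomes 0640); "other" bits stay untouched. */
function grantGroupRead(string $path): int
{
    clearstatcache(true, $path);
    $perms = fileperms($path);
    if ($perms === false) {
        throw new RuntimeException("cannot stat $path");
    }
    $mode = ($perms & 0777) | 0040;   // drop file-type bits, add S_IRGRP
    if (!chmod($path, $mode)) {
        throw new RuntimeException("cannot chmod $path");
    }
    return $mode;
}

/**
 * $scan is a hypothetical callable: it receives the path and returns true when
 * the scanner reports the file clean (wire it to your clamav client).
 */
function scanThenStore(string $tmpPath, string $dest, callable $scan): bool
{
    if (!is_uploaded_file($tmpPath)) {          // only touch real uploads
        throw new InvalidArgumentException('not an uploaded file');
    }
    grantGroupRead($tmpPath);
    if (!$scan($tmpPath)) {
        unlink($tmpPath);                       // rejected: remove it
        return false;
    }
    return move_uploaded_file($tmpPath, $dest); // clean: move out of /tmp
}

// Constructed demo for the CLI: tempnam() creates the file 0600, like an upload.
if (PHP_SAPI === 'cli') {
    $tmp = tempnam(sys_get_temp_dir(), 'php');
    file_put_contents($tmp, "constructed sample content\n");
    printf("before: %04o\n", fileperms($tmp) & 0777);
    printf("after:  %04o\n", grantGroupRead($tmp));
    unlink($tmp);
}
```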