Hello Stephane,

First, please send mails with questions about packages to ports@ in the
future. I'm not changing list now because I don't want to continue the
discussion, but merely rectify a few of your mistakes and hopefully
prevent people finding this thread in the future from making the same
ones.

If anyone feels like they should continue this thread please change the
list to ports@.

On 07/26/17 23:33, Stephane HUC "PengouinBSD" wrote:
> Hi, all.
> 
> Sorry for the delay!
> 
> Yes, I'm sure all ENV* variables are absolute to the system root.
> As explained in the php-fpm.conf, only a few directives are relative to
> the chroot.
> 
> [quote]
> (...)
> ; Per pool prefix
> ; It only applies on the following directives:
> ; - 'access.log'
> ; - 'slowlog'
> ; - 'listen' (unixsocket)
> ; - 'chroot'
> ; - 'chdir'
> ; - 'php_values'
> ; - 'php_admin_values'
> ; When not set, the global prefix (or /usr/local) applies instead.
> ; Note: This directive can also be relative to the global prefix.
> (...)
> [/quote]
> 
> I modified the php-fpm.conf_user as:
> 
> env[TMP] = /var/www/tmp/$pool
> env[TMPDIR] = /var/www/tmp/$pool
> env[TEMP] = /var/www/tmp/$pool
> (...)
> php_admin_value[upload_tmp_dir]=/tmp/$pool
> 
> I created the directory /var/www/tmp/$pool, and chowned user_blog:www on
> this!
> 
> In fact, I had the wrong user.
> 
> Now, it runs correctly! ;)

It runs because of sheer luck, not because of a proper configuration,
let alone correctly.

My statements are based on 7.1.7 which I compiled locally and will
hopefully hit the tree soon(tm), but should be equally valid for
other versions of PHP.
Also, I don't know your setup, so my response is based on
speculation, but is hopefully accurate enough for you to figure out
what is going on yourself.

I assume that you try to upload a file to a PHP script and store
it locally. This reaches main/rfc1867.c:1021 in the PHP core.

This tries to open a file based on upload_tmp_dir, which you've
set to /tmp/$pool in your final solution. This succeeds, because
it exists inside your chroot.
The problem here is that you haven't fixed env[{TMP,TMPDIR,TEMP}].

If upload_tmp_dir isn't set php_open_temporary_fd_ex
(main/php_open_temporary_file.c:294) calls php_get_temporary_directory.
This function tries several options, of which one is getenv("TMPDIR");.
Because you've set this variable to /var/www/tmp in your original setup,
but it is called *AFTER* the fpm-daemon has chrooted to /var/www, it
effectively tries to call /var/www/var/www/tmp, which does not exist.
See also the documentation at http://php.net/manual/en/ini.core.php.

If you hadn't set the environment variable it would've eventually fallen
back to /tmp, which is effectively /var/www/tmp because of the chroot.
Ergo: Fix your environment and unset upload_tmp_dir.

The second problem you hit is that /var/www/tmp is owned by www:www
with 755 permissions (pitfall, these permissions can be reset at any
time to 700). So even if PHP would try to create the intermediate
directories (don't know, haven't checked) it would still fail because of
the permissions on this directory.
Creating the /var/www/tmp/$pool directory with the correct owner
solves the problem indeed, but not because of your env statements.

The problem now is that you've fixed one problem but you've left open an
entire subsection of problems that you happen to not hit, and are still
a risk for people copying your configuration, or even yourself in the
future.
If you were to use tmpfile() you'd probably run into the same problem,
and that's just one example that I thought of, there's probably a lot
more.

So please, make sure you know what you're doing, especially if you claim
you've fixed something. These misconfigurations are always picked up by
other users and will cause problems down the road.

Next time you run into a similar problem go through the following steps:
1) Formulate what you've changed compared to the default configuration
file.
2) Formulate why you've changed these settings.
3) If you happen to solve your particular problem, report it as such
(that it fixes just your use case), unless you've researched why things
failed in the first place and you're absolutely sure your solution is
a generic solution.

Hope this mail helped you understand a little more of the internals and
added a little to your skills to debug such problems yourself.

martijn@
> 
> Thank you all.
> 
> 
> On 07/26/17 at 01:50, Todd Mortimer wrote:
>> Hi Stephane,
>>
>> Are you sure that the env[TMP], env[TMPDIR] and env[TEMP] variables are
>> supposed to be relative to the real system root, or relative to the
>> chroot? If I were to guess, I would bet that php is trying to create a
>> file after chrooting itself, and inside the chroot, /var/www/tmp doesn't
>> exist. Try setting those env vars to /tmp and see if that works. 
>>
>> Todd
>>
>> On Tue, Jul 25, 2017 at 09:03:38AM +0200, Stephane HUC "PengouinBSD" wrote:
>>> Hi all.
>>>
>>> I have this error on my OpenBSD server (6.1):
>>>
>>> FastCGI sent in stderr: "PHP message: PHP Warning:  Unknown: Unable to
>>> create temporary file, Check permissions in temporary files directory.
>>> in Unknown on line 0
>>>
>>> I use nginx+php70_fpm !
>>>
>>> The php-fpm.conf for the instance:
>>>
>>> **** file ***
>>> [blog.stephane-huc.net]
>>> prefix = /var/www
>>>
>>> user = user_blog
>>> group = www
>>>
>>> listen.owner = www
>>> listen.group = www
>>> listen.mode = 0660
>>>
>>> listen = run/php-fpm.$pool.sock
>>> listen.allowed_clients = 127.0.0.1
>>>
>>> chroot = $prefix
>>> chdir = /
>>>
>>> env[HOSTNAME] = $HOSTNAME
>>> ;env[PATH] = /usr/local/bin:/usr/bin:/bin
>>> env[TMP] = /var/www/tmp
>>> env[TMPDIR] = /var/www/tmp
>>> env[TEMP] = /var/www/tmp
>>>
>>> php_admin_value[upload_tmp_dir] = /tmp
>>> php_admin_value[upload_max_filesize] = 8M
>>> *** EOF ***
>>>
>>> Rights on /var/www/tmp:
>>>
>>> $ ls -al /var/www/
>>>
>>>
>>> total 68
>>> drwxr-xr-x  17 root  daemon   512 Jul  5 04:59 ./
>>> drwxr-xr-x  25 root  wheel    512 Jul  5 19:50 ../
>>> drwxr-xr-x  10 www   daemon   512 Jul  9 10:31 .ht/
>>> drwxr-xr-x  11 root  daemon   512 Jul  9 10:31 acme/
>>> drwxr-xr-x   2 root  daemon   512 Jun 25 13:51 bin/
>>> drwx-----T  16 www   daemon   512 Jul  9 10:31 cache/
>>> drwxr-xr-x   2 root  daemon   512 Apr  1 21:38 cgi-bin/
>>> drwxr-xr-x  10 root  daemon   512 Jul  9 10:31 conf/
>>> drwxr-xr-x   3 root  daemon   512 Jun 25 13:48 etc/
>>> drwxr-xr-x  12 root  daemon   512 Jul  9 10:29 htdocs/
>>> drwxr-xr-x   2 root  daemon   512 Jun 24 22:59 html/
>>> drwxr-xr-x  11 root  daemon  1024 Jul 23 00:00 logs/
>>> drwxr-xr-x   2 root  daemon   512 Jun 28 18:11 modules/
>>> drwxr-xr-x  11 root  daemon  1024 Jul 25 08:39 run/
>>> drwxr-xr-x  10 www   www     2048 Jul  9 10:31 tmp/
>>> drwxr-xr-x   3 root  daemon   512 Jun 24 20:44 usr/
>>> drwxr-xr-x   3 root  daemon   512 Jun 24 21:17 var/
>>>
>>>
>>> where is the problem?
>>>
>>>
>>> -- 
>>> ~ " Fully Basic System Distinguish Life! " ~ " Libre as a BSD "     +=<<<
>>> ----
>>> <me>Stephane HUC as PengouinBSD or CIOTBSD</me>
>>> <mail>b...@stephane-huc.net</mail>
>>>
>>
>>
> 
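
Added example, not part of the original mail and not PHP's own code: a small Python check that reads a php-fpm pool file and reports which host path each temp-related directive really names once the worker has chrooted. The pool text is a constructed sample trimmed from the configuration quoted above; the function names and the plain textual $pool/$prefix substitution are assumptions made for this illustration, and an absolute chroot path is assumed.

```python
import posixpath
import re

# Constructed sample: trimmed from the pool file quoted in this thread.
POOL_CONF = """\
[blog.stephane-huc.net]
prefix = /var/www
chroot = $prefix
env[TMP] = /var/www/tmp
env[TMPDIR] = /var/www/tmp
env[TEMP] = /var/www/tmp
php_admin_value[upload_tmp_dir] = /tmp
"""

# Temp-related directives that appear in the thread's pool files.
TMP_KEYS = ("env[TMP]", "env[TMPDIR]", "env[TEMP]",
            "php_admin_value[upload_tmp_dir]", "php_value[upload_tmp_dir]")

def parse_pool(text):
    """Return (pool_name, {directive: value}) for a single-pool file."""
    pool, conf = "", {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):   # skip blanks and comments
            continue
        section = re.fullmatch(r"\[([^\]]+)\]", line)
        if section:
            pool = section.group(1)
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return pool, conf

def audit_tmp_paths(text):
    """List (directive, path seen by PHP, real host path, doubled?)."""
    pool, conf = parse_pool(text)
    def expand(value):  # assumption: plain textual substitution
        return value.replace("$pool", pool).replace("$prefix", conf.get("prefix", ""))
    chroot = expand(conf.get("chroot", "")).rstrip("/")
    findings = []
    for key in TMP_KEYS:
        if not chroot or key not in conf:
            continue
        inside = expand(conf[key])
        host = posixpath.normpath(chroot + "/" + inside.lstrip("/"))
        # A value that repeats the chroot prefix lands at <chroot>/<chroot>/...
        doubled = (inside + "/").startswith(chroot + "/")
        findings.append((key, inside, host, doubled))
    return findings
```

Every entry whose last field is True names a path that only exists if the chroot directory is recreated inside itself, which is the /var/www/var/www/tmp case described in the reply.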
