Deleting file in /tmp directory

Hi,

I have this PHP script (simplificated here), called delete_tmp.php
that basically calls external commands:

<?php

$session_file = '/tmp/sess_89765'

system(''rm -f' . ' ' . $session_file);

?>

delete_tmp.php file is owned by gamito.users

/tmp/sess_89765 file has permissions -rw------ and is owned by gamito.users

My /tmp permissions are rwxrwxrwt and is owned by root.root

I know that the the sticky bit only allows files to be deleted by
their owners, the owner of the directory or by root.

Never the less, i can switch to /tmp directory and delete sess_89765
file as user gamito.

If I run:
$ php delete_tmp.php

as root, it deletes sess_89765 file.

But if I do the same has user gamito, it doesn't delete the file !!!

Ideas ?

Any help would be appreciated.

Warm Regards,
Mário Gamito

Mário Gamito wrote:
> Hi,
>
> I have this PHP script (simplificated here), called delete_tmp.php
> that basically calls external commands:
>
> <?php
>
> $session_file = '/tmp/sess_89765'
>
> system(''rm -f' . ' ' . $session_file);
>
> ?>
>
> delete_tmp.php file is owned by gamito.users
>
> /tmp/sess_89765 file has permissions -rw------ and is owned by gamito.users
>
> My /tmp permissions are rwxrwxrwt and is owned by root.root
>
> I know that the the sticky bit only allows files to be deleted by
> their owners, the owner of the directory or by root.
>
> Never the less, i can switch to /tmp directory and delete sess_89765
> file as user gamito.
>
> If I run:
> $ php delete_tmp.php
>
> as root, it deletes sess_89765 file.
>
> But if I do the same has user gamito, it doesn't delete the file !!!
>
> Ideas ?
>
> Any help would be appreciated.

It is a bit odd as it should delete it fine. Does using the PHP internal
function unlink() work better than shelling out? system() will possibly
have more overheads and it may require that the user has a valid SHELL
etc. too...

Col

On Fri, Mar 28, 2008 at 11:24 AM, Mário Gamito <gamito@gmail.com> wrote:
> Hi,
>
> I have this PHP script (simplificated here), called delete_tmp.php
> that basically calls external commands:
>
> <?php
>
> $session_file = '/tmp/sess_89765'
>
> system(''rm -f' . ' ' . $session_file);
>
> ?>

That's extremely short for a session name. Should it be
/tmp/sess_89765* ? Or is that just an example? Since the ending
semicolon is missing, I'll presume it's just an example. ;-P

Also, here are two different ways of doing that:

<?php
// Method 1
$session_file = '/tmp/sess_89765';

exec('rm '.$session_file.' 2>&1',$ret,$err);

echo isset($err) && $err != 0 ? print_r($ret) : null;
?>

<?php
// Method 2
$session_file = '/tmp/sess_89765';

if(file_exists($session_file) && is_file($session_file) &&
is_writeable($session_file)) {
unlink($session_file);
} else {
echo "No file named ".$session_file."\n";
}

?>


> delete_tmp.php file is owned by gamito.users
>
> /tmp/sess_89765 file has permissions -rw------ and is owned by gamito.users
>
> My /tmp permissions are rwxrwxrwt and is owned by root.root
>
> I know that the the sticky bit only allows files to be deleted by
> their owners, the owner of the directory or by root.
>
> Never the less, i can switch to /tmp directory and delete sess_89765
> file as user gamito.
>
> If I run:
> $ php delete_tmp.php
>
> as root, it deletes sess_89765 file.
>
> But if I do the same has user gamito, it doesn't delete the file !!!
>
> Ideas ?
>
> Any help would be appreciated.
>
> Warm Regards,
> Mário Gamito
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>



--
</Daniel P. Brown>
Forensic Services, Senior Unix Engineer
1+ (570-) 362-0283