Skip to main content
We are aware of an issue with a recent Apache update that causes proxied sites to return a "421 Misdirected Request" error. Please see the following article for more information and updates:
Websites show 421 Misdirected Request error while using EA Nginx

How to set upload_tmp_dir to a dynamic path in multiphp ini editor

DevTeam9200
Hi All, Is there a way to set the php.ini for all users for upload_tmp_dir to a dynamic path. Example I want all users upload path to be set to /home/$username/public_html/tmp This is the setting I found in WHM -> Multi php ini editor ; Temporary directory for HTTP uploaded files (will use system default if not ; specified). ; 106.0.9 Running EA and Engintron Also PHP-FPM is in use and turned on. Thanks

Comments

5 comments

Date Votes
  • timkah
    You can uncomment upload_tmp_dir and set a path for it upload_tmp_dir = /home/user/tmp
    0
  • DevTeam9200
    You can uncomment upload_tmp_dir and set a path for it upload_tmp_dir = /home/user/tmp

    Hi Timkah, I am aware of that but what is the "variable" to place "user" ie if I use /home/user/tmp then it "user" be automatiacally replaced with example fred1com let say cpanel account is fred1com and i use the above will it automatically replace /home/user/tmp with /home/fred1com/tmp ? Please see my php.info not showing what I would expect /home/fred1com/tmp it is showing /home/user/tmp what is the "variable" for user is my question I really guess I am asking? Is it %username% $username etc To clarify even further is I want to edit mutli php editor in WHM backend and edit this setting that applies to "ALL" users on that server. Or alternatively I guess if I must set this setting "per user" where do I edit this setting for only just 1 single user account.
    0
  • rbairwell
    How ever I cannot seem to figure out how to use /home/$username/public_html/tmp in this ini editor.

    Do not put the tmp directory in the public webroot - it may contain data which can be used to breach the site (such as some session information, temporary uploads - someone could upload a malicious file and then try and execute it in that folder by calling it via the web). Go for /home/$username/tmp/ if you must - but be aware that by default tmpwatch doesn't automatically remove empty files from there (it does /tmp and /var/tmp (and a few others) - so user directories may get full with temporary files. [QUOTE] OR EVEN better can some on please advise if it is possible for the user to the set the upload_tmp_dir directory in there own cpanel account? is this possible. (it is not a public server but privately managed with just one site on it).
    Yes, this can be done under cPanel->Software->MultiPHP INI Editor->Editor Mode. [QUOTE] How ever I cannot seem to figure out how to use /home/$username/public_html/tmp in this ini editor.
    There's not an easy way that I know of (off the top of my head) to do this, but there may be a workaround (I haven't tested this!): * Create a file such as /etc/php_tmp_folder_rewrite.php * In it have the code:
    (alternatively, setting to: * $tmp_dir = dirname($_SERVER['DOCUMENT_ROOT'> ).'/tmp/';
    or * $tmp_dir = posix_getpwuid(getmyuid())['dir'>.'/tmp/';
    or * $tmp_dir = posix_getpwnam(get_current_user())['dir'>.'/tmp/';
    or * $tmp_dir = getenv('HOME').'/tmp/';
    (see this editing the Apache template files a possibility .
    0
  • DevTeam9200
    Do not put the tmp directory in the public webroot - it may contain data which can be used to breach the site (such as some session information, temporary uploads - someone could upload a malicious file and then try and execute it in that folder by calling it via the web). Go for /home/$username/tmp/ if you must - but be aware that by default tmpwatch doesn't automatically remove empty files from there (it does /tmp and /var/tmp (and a few others) - so user directories may get full with temporary files. Yes, this can be done under cPanel->Software->MultiPHP INI Editor->Editor Mode.

    Thanks for the advise and direction. One quick last confirmation that setting it as /tmp as per below should be fine from a security perspective and have no issues? Would you advise there is a security concern or server performance issue with the below at all? If so what ? I believe reconfiguring the server entirely for this is not viable. client will need to rewrite their application to work and capture the uploads from the /tmp directory instead as it appears to be the more practical and secure standard method. Thanks so much for assistance! Great stuff
    0
  • rbairwell
    . One quick last confirmation that setting it as /tmp as per below should be fine from a security perspective and have no issues?

    That's fine. That is the standard server root temporary directory and should be reasonably secure from third parties (it's possible that other users on the same server could access the files, but they should be automatically created with your userid which should allow protection). [QUOTE] I believe reconfiguring the server entirely for this is not viable. client will need to rewrite their application to work and capture the uploads from the /tmp directory instead as it appears to be the more practical and secure standard method.
    If it is just for the one user, they can add the upload_tmp_dir setting via their cPanel->Software-MultiPHP INI Editor and set it to /home//tmp if they wanted to. If they are using the standard sys_get_temp_dir and
    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post