File Upload Problem

[eoheod]

Good morning!

My users have brought to my attention a problem with Directadmin.

In the File Manager, using the upload files functionality specifically.

When anyone (including me using an admin account) uploads a file, DA says that it uploaded successfully, but the file wasn't actually uploaded.

I am running the current 1.25.4 version of DA.

There are no errors in the apache error log. I have upgraded to apache 2 if this makes a difference.

I'd appreciate any help and will happily post any more information that may be required!

Thanks

 

[resolveit]

Hate to dissapoint you but using the save version the File upload in the filemanager works. I'm running on CentOS 4, what OS are you using?

 

[eoheod]

Fedora Core 3

 

[resolveit]

Maybe other users on Fedora Core 3 can test this and share their experiences here.

 

[planepix]

my box is running fedora core 3 either, works just perfect (Apache not upgraded)

 

[thoroughfare]

Hi,

I'm running v 1.26.1 on FreeBSD 5.3 and I can confirm this problem, can someone from DA suggest a fix? I've tested on multiple user accounts in the /home/user/ directory and in public_html.

Thanks,
Matt

 

[jmstacey]

I had a similar issue several months ago on Debian and it was caused because the /home/tmp directory got delete.

You might want to check it out and see if it's the same. If the directory has the wrong permissions I can reproduce the problem you are describing.

 

[thoroughfare]

That would explain it... I deleted /home/tmp/. Can someone please post the correct permissions and owner/group for /home/tmp/?

Thanks!
Matt

 

[jmstacey]

chown root:root
and
chmod 1777
should do the trick for you.

 

[thoroughfare]

Thanks!

One concern tho, it seems pretty insecure to have it chmod 1777. What about 1770?

Thanks,
Matt

 

[nobaloney]

All tmp directories need to be world readable, world writeable, and world executable.

Best practices:

1) Delete /home/tmp and create a link from /home/tmp to /tmp:

# cd /home
# rm -Rf tmp
# ln -s /tmp /home/tmp

Now your /home/tmp directory is merely a link to /tmp.

Is /tmp on it's own partition? If so set the partition to be non executable (this has nothing to do with the executable flag on the directory entry).

If it's not on it's own partition, then search these forums for instructions on creating a non executable /tmp partition from a directory.

Jeff

 

[thoroughfare]

Hi Jeff,

Thanks for the info. My suggestion for 1770, I realised later, would be useless anyway.

My /tmp is nodev, noexec, nosuid, but I'm also worried about the possibility of users reading other user's files that are being uploaded... such as PHP scripts containing passwords.

Thanks,
Matt