You are here

Drupal d7 temporary directory & cpanel

Updated 22 March 2013. Created by janroe 16 June 2011.

Drupal 7. It looks like the file setting in Configuration > File System, Temporary directory might be the cause of error messages /problems. I didn't write down the initial errors.

Funny thing is that I have a lot of D6 sites on the same server, with the same standard setting as D7 and there have not been any problems with it.

The issue might also be related to a multisite setup, with multiple sites using the same tmp directory.

-------
Update 120915: Also see:
http://sandu.camerzan.md/content/fix-file-upload-error-could-not-move-up...
-------
Update 110811: Also see:
http://stackoverflow.com/questions/5040718/file-system-permission-error-...
http://drupal.org/node/1106492#comment-4562780 (how to fix it)
http://drupal.org/node/1008328 (D7 patch/update = fixed in new versions)
-------

At the actual file manager home/[username] level, above public_html, there already is a tmp directory, but it is clearly used for cpanel data. I suspect that Drupal's temporary files really should not go in there. So:

Temporary directory standard setting is

/tmp/

The D7 entry box has a warning that the tmp directory should not be accessible through the web.
Also, an earlier version of D7 did not have the trailing slash.

For Acquia "cloud" hosting the setting is suggested as

mnt/files/[sitename]/files/tmp

Source: http://network.acquia.com/documentation/acquia-hosting/drupal-temp-dir

I suspect that a unix type mnt would not be applicable when using standard shared hosting.

Some forums say the setting should better be

/home/[username]/tmp

and set permissions chmod 777.
Source: http://rockthedrop.com/drupal_help/just-installed-drupal-7-and-getting-m...

This still creates a directory/file path within public_html: home > name > tmp, instead of moving up a level above public_html. And 777 looks wrong to me.

Then some suggestions are

home/[username]/tmp

Same as above, but no slash.
Source: http://drupal.org/node/1008776

Then, any tmp folder in the user directory

tmp

with "proper" access permissions.
Source:
http://stackoverflow.com/questions/3134736/drupal-php-problem-with-hosti...
http://drupal.be/forum/tmp-problemen-bij-nederlands

Some forums say the setting should be

sites/[sitename]/files/tmp

example:
sites/default/files/tmp

Sources:
http://stackoverflow.com/questions/4632779/drupal-7-is-unable-to-install...
http://network.acquia.com/node/1390520 (on windows server, search for "temp")

This separates the tmp directories for multiple sites and dbases using one code base; solving the issue of temporary files for multiple sites getting mixed up. But it looks fairly unsafe.

Following this,

  • sites/[sitename]/files/tmp directory creates itself there with permissions 755
  • sites/[sitename]/tmp will not create itself (permission denied).This would need to be done manually

The first option works. Files and directories get created in the tmp directory. But the permissions do not appear to be very secure; this needs some further testing.

Option 2 from above may be more secure; also with stricter permissions?
Source: http://old.nabble.com/problem-with-tmp-folder-and-permission-td23434921.... (last).

Earlier:
Most probably unrelated, the entire hosting account crashed. Since the sites were new, I reinstalled them (in D6). This issue will reappear lateron, and I keep looking for a definitive solution.

Comments

Hi janroe...
Im that rockthedrop guy. The path I suggested for the tmp directory... As you noted correctly: home > name > tmp Was perfectly fine and not web accessible because theweb root is home > name > www .

I agree that the permissions are questionable but i had some thought that there may be multiple owners of httpd. Thereby requiring possible group permission settings. More importantly, the perms on /tmp are set to 777 so I found fewer reasons to change that.

Plus the files written to this directory are temporary binaries that will be easily accessible by web anyway... So why worry?

Thanks for the reference though. :) cool

- Khalim

Geez... That reads strangely.
I was simply saying ( first statement )that the tmp directory was fine. Completely different from the web root. That's all

Thanks for the comments! Let me update this.
The private files go into home/[username]
../private

or, for a multisite, separate them by
../private/site1
../private/site2

The public tmp files go into home/[username]/tmp/drupal
../tmp/drupal/site1
../tmp/drupal/site2

In both cases the default directory permissions 755 work fine and appear to be correct.
There's also the .htaccess security file, located in each private and each tmp siteN directory. D7 also warns you about it.
See: https://www.drupal.org/SA-CORE-2013-003

Add new comment

Filtered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
CAPTCHA
Thanks for your help in stopping spam.
Fill in the blank.