Hello, I am not sure that the answer is correct. I briefly tried to set up Apache/2.4.55 with /tmp as you described and it seems to work fine. Are you sure that there is no issue with permissions in subdirectories/files themselves?
Regards, On Wed, Feb 15, 2023 at 4:06 PM accelerator0099 <accelerator0...@gmail.com> wrote: > That's for serving temporary files, of course. > > > I am developing a file-sharing web application, but it hasn't finished > yet. Before finishing it if I upload something to or download something > from the server those files are stored in /tmp. In most cases they are > just temporary files and should be removed after use. I have used this > for some time, until a recent system upgrade which changed apache's > behavior and disallowed me accessing /tmp. > > > Thanks for explaining the reason! I'm just astonished to know that > apache could make such big changes today. > > > On 2/15/23 22:33, Antony Stone wrote: > > On Wednesday 15 February 2023 at 15:21:58, accelerator0099 wrote: > > > >> Apache is unable to access /tmp in any way. > >> I always get 403 Forbidden for that. > >> Why is /tmp different from others? > > My guess (and it is one) is that since /tmp can be written to by any > user, > > this is a security feature which stops someone running Apache in such a > way > > that an attacker could get some process to write either a file or a > symlink > > into /tmp and then be able to retrieve the content remotely over HTTP. > > > > However, given that many systems routinely delete the contents of /tmp on > > startup and/or shutdown, why would you ever want to point Apache at > files which > > exist there? > > > > What is the use case for having servable content under /tmp? > > > > > > Antony. > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > -- VladimĂr Chlup
