Trouble with permissions and temp files

Questions and postings pertaining to the usage of ImageMagick regardless of the interface. This includes the command-line utilities, as well as the C and C++ APIs. Usage questions are like "How do I use ImageMagick to create drop shadows?".
Post Reply
kareed
Posts: 11
Joined: 2010-05-17T08:06:36-07:00
Authentication code: 8675308

Trouble with permissions and temp files

Post by kareed »

Hi,
I am having trouble with the permissions on some temp files that imagemagick is trying to use.
The version is ImageMagick 6.6.5-0 2010-12-15 Q16
Platform if osx 10.5 on ppc

I am getting the following errors
PHP Fatal error: Uncaught exception 'ImagickException' with message 'unable to write blob `/var/folders/1Z/1ZOs3r15HKGGDQfu54uHyE+++TI/-Tmp-/magick-2tS9KAtc': Permission denied @ error/blob.c/ImageToFile/1538' in

In order to get it working I need to go in and manually change the permissions of the folders, for now I just change them to 777 and everything works fine. If I reboot the computer I need to go in and change the permissions again.

I am not the greatest with handling permissions so that makes things harder for me to figure out. How can I setup imagemagick so I don't have these problems?

thanks for the help
User avatar
anthony
Posts: 8883
Joined: 2004-05-31T19:27:03-07:00
Authentication code: 8675308
Location: Brisbane, Australia

Re: Trouble with permissions and temp files

Post by anthony »

PHP runs in a very restrictive environment on purpose.

Generally it will only read images that are 'globally readable' and write into directories that anyone can write into.

Check what your php environment is set up as. Using commands like 'id' 'umask' and 'env'.
Make sure the directory you are trying to use is set up correctly for PHP (not command line).

If you don't know what I am talking about, you may need more study into UNIX security, especially with regards to web and server environments.

On top of this many linux machines now run extra file attribute systems such as "SELinux" on fedora/redhat/centos whcih prevents any remote access 'server' accessing any file that is not marked as externally readable/writable. Such systems are a pain to use, and in many cases are turned off during installation, but for a External Facing Web server that can be a important method of protection.

For these problems check the system and error logs. If you don't have access, talk to your ISP provider.

Basically learn more about the system you are using.


ASIDE: these forum is not really meant for discussions about security aspects of PHP.
Anthony Thyssen -- Webmaster for ImageMagick Example Pages
https://imagemagick.org/Usage/
kareed
Posts: 11
Joined: 2010-05-17T08:06:36-07:00
Authentication code: 8675308

Re: Trouble with permissions and temp files

Post by kareed »

Thanks for the reply.

I think there may be a misunderstanding of the problem This isn't a directory that I am trying to use. This is a working directory that imagemagick is creating and using when it is first starting to be used. I had a hard time even finding the cause of the problem because most errors weren't very descriptive. I have no trouble with the directory I am reading from and writing the file to once I change the permissions on this working folder that imagemagick creates. What I was hoping is that there was a way I change a configuration file and have it use a different location for its working folder where I can set up permissions that work.

If this is caused by some sort of configuration within php is it possible to give me a few more specific recommendations?

Thanks
User avatar
anthony
Posts: 8883
Joined: 2004-05-31T19:27:03-07:00
Authentication code: 8675308
Location: Brisbane, Australia

Re: Trouble with permissions and temp files

Post by anthony »

MAGICK_TEMPORARY_PATH location of temporary files
or -set registry:temporary-path /data/tmp
In Windows, it is defined by the Registry entry
HKEY_Current_User\Environment\TMP

Note the directory should be pre-created (IM does not create directories, ever) with appropriate permissions for who ever (PHP or otherwise) is using it. Permissions such as 1777 (global read/write/access with stickbit) is standard for globally usable temporary directories. The sticky bit tells the system only the user that creates a file (thus owns it) can delete or rename the file. This is important for the security of temporary files.
Anthony Thyssen -- Webmaster for ImageMagick Example Pages
https://imagemagick.org/Usage/
Post Reply