3

Any ideas on why apache (httpd) creates these files in /tmp? I'm on Redhat 5.5 and Apache 2.2, mpm-prefork.

-rw-------. 1 apache apache 0 Aug 14 12:46 filec1puD5 -rw-------. 1 apache apache 0 Aug 14 12:46 fileKJqaih -rw-------. 1 apache apache 0 Aug 14 12:46 fileB7j9Ws -rw-------. 1 apache apache 0 Aug 14 12:46 file1o7MCE -rw-------. 1 apache apache 0 Aug 14 12:46 filefqAvjQ -rw-------. 1 apache apache 0 Aug 14 12:46 filexjpv01

Sometimes, I see dozens of these, and I always delete them, but haven't found anything on why or how these files are generated in the first place. Error logs look clean, albeit, they're set to Error.

Update: Application is Drupal 7, running on PHP 5.3.2.

Improve this question
2
  • 2
    These could be files written by applications running on it or apache itself could be creating them for sessions/fileuploads.. Commented Aug 14, 2012 at 18:15
  • @Chida: Thanks for dropping in. Should these file be deleted when the application is done with the sessions/file uploads? It doesn't appear to be. Updated my question with application info. Commented Aug 14, 2012 at 18:29

2 Answers 2

Reset to default
2

/tmp is PHP's default folder for session data. You can change this by editing the "session_save_path" in your php.ini file. The being said, various scripts could write various session data here.

There are cases where lax permissions in this folder have led to vulnerabilities (UID/Symlink attacks), so if you suspect these files don't line up with what your PHP application is expected to be doing, I might recommend redirecting your PHP sesion files and watching this area closely.

Improve this answer
2
  • Are these files recycled after the process/session ends? They don't appear to be. Is there a way to tie a file to a process/session? lsof? Commented Aug 23, 2012 at 14:04
  • 1
    You could in theory use lsof to see what process ID touches the files, however I wouldn't know how to translate that PID into a PHP sessions, maybe someone else here does. As for grabage collection, my understanding is PHP does include session files in it's cleanup routines. If they aren't being removed I'd look into why they're not being included. appnovation.com/session-garbage-collection-php Commented Aug 24, 2012 at 0:37
-1

Typically session files are written as sess_xxx. These files may be temporary remnants of file uploads. When a enduser uploads a file, these files are written to /tmp and once completely uploaded, they are moved off to their actual destination.

Can you try doing a less on these files? I'm not sure if these files are binary. Also run file command on any of these files.

Improve this answer
1
  • less? the files are 0 length. Commented Aug 15, 2012 at 19:13

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.