3

Any ideas on why apache (httpd) creates these files in /tmp? I'm on Redhat 5.5 and Apache 2.2, mpm-prefork.

-rw-------. 1 apache   apache       0 Aug 14 12:46 filec1puD5
-rw-------. 1 apache   apache       0 Aug 14 12:46 fileKJqaih
-rw-------. 1 apache   apache       0 Aug 14 12:46 fileB7j9Ws
-rw-------. 1 apache   apache       0 Aug 14 12:46 file1o7MCE
-rw-------. 1 apache   apache       0 Aug 14 12:46 filefqAvjQ
-rw-------. 1 apache   apache       0 Aug 14 12:46 filexjpv01

Sometimes, I see dozens of these, and I always delete them, but haven't found anything on why or how these files are generated in the first place. Error logs look clean, albeit, they're set to Error.

Update: Application is Drupal 7, running on PHP 5.3.2.

KM.
  • 1,824

2 Answers2

2

/tmp is PHP's default folder for session data. You can change this by editing the "session_save_path" in your php.ini file. The being said, various scripts could write various session data here.

There are cases where lax permissions in this folder have led to vulnerabilities (UID/Symlink attacks), so if you suspect these files don't line up with what your PHP application is expected to be doing, I might recommend redirecting your PHP sesion files and watching this area closely.

Univ426
  • 2,179
-1

Typically session files are written as sess_xxx. These files may be temporary remnants of file uploads. When a enduser uploads a file, these files are written to /tmp and once completely uploaded, they are moved off to their actual destination.

Can you try doing a less on these files? I'm not sure if these files are binary. Also run file command on any of these files.

Chida
  • 2,531