Web server upload/save/import directories

If PHP is running in safe mode, all directories must be owned by the same user as the owner of the phpMyAdmin scripts.

If the directory where phpMyAdmin is installed is subject to an open_basedir restriction, you need to create a temporary directory in some directory accessible by the PHP interpreter.

For security reasons, all directories should be outside the tree published by webserver. If you cannot avoid having this directory published by webserver, limit access to it either by web server configuration (for example using .htaccess or web.config files) or place at least an empty index.html file there, so that directory listing is not possible. However as long as the directory is accessible by web server, an attacker can guess filenames to download the files.

$cfg['UploadDir']

The name of the directory where SQL files have been uploaded by other means than phpMyAdmin (for example, FTP). Those files are available under a drop-down box when you click the database or table name, then the Import tab.

If you want different directory for each user, %u will be replaced with username.

Please note that the file names must have the suffix “.sql” (or “.sql.bz2” or “.sql.gz” if support for compressed formats is enabled).

This feature is useful when your file is too big to be uploaded via HTTP, or when file uploads are disabled in PHP.

警告

Please see top of this chapter (Web server upload/save/import directories) for instructions how to setup this directory and how to make its usage secure.

参见

See 1.16 I cannot upload big dump files (memory, HTTP or timeout problems). for alternatives.

$cfg['SaveDir']

The name of the webserver directory where exported files can be saved.

If you want a different directory for each user, %u will be replaced with the username.

Please note that the directory must exist and has to be writable for the user running webserver.

警告

Please see top of this chapter (Web server upload/save/import directories) for instructions how to setup this directory and how to make its usage secure.

$cfg['TempDir']

The name of the directory where temporary files can be stored. It is used for several purposes, currently:

• The templates cache which speeds up page loading.
• ESRI Shapefiles import, see 6.30 Import: How can I import ESRI Shapefiles?.
• To work around limitations of open_basedir for uploaded files, see 1.11 I get an ‘open_basedir restriction’ while uploading a file from the import tab..

This directory should have as strict permissions as possible as the only user required to access this directory is the one who runs the webserver. If you have root privileges, simply make this user owner of this directory and make it accessible only by it:

chown www-data:www-data tmp
chmod 700 tmp

If you cannot change owner of the directory, you can achieve a similar setup using ACL:

chmod 700 tmp
setfacl -m "g:www-data:rwx" tmp
setfacl -d -m "g:www-data:rwx" tmp

If neither of above works for you, you can still make the directory chmod 777, but it might impose risk of other users on system reading and writing data in this directory.

警告

Please see top of this chapter (Web server upload/save/import directories) for instructions how to setup this directory and how to make its usage secure.