Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion

osTicket v1.10 (stable) and Maintenance Release v1.9.15 are now available! Go get it now

Attachments directory

We pretty much have to use the attachments directory instead of storing attachments in the database otherwise our database would be massive.

We just ran into an issue with our server and had to restore the site from backup, and were shocked to discover the attachments directory was empty and now we are getting hundreds of emails non-stop: IOException: Unable to read resource content

Upon further investigation the folders and files seem to not get backed up because the directory has non-standard permissions then the system would be expecting on a user folder.  Standard directory permissions would be 755 drwxr-xr-x giving read/write/exec to user and read/exec to group/everyone.  The folder also has a sticky bit which is typically only set on /tmp - https://en.wikipedia.org/wiki/Sticky_bit

My suggestion would be that this be changed in order that standard linux/unix backups can back the attachments directory up.  Would it also be possible attach the standard file with the extension?  I'm not sure what the benefit is to renaming it to a temp sort of file with no extension is.

And as a side note if anyone has any suggestions what we should do to resolve the issue with our missing attachments in our 7,000 tickets please let me know.  I think we are going to have to try and make a duplicate of the site and write a script to somehow remove these from the database to stop these errors, but maybe there is a better way...?








Comments

  • Thanks for the suggestion.

    So my understanding is that when one uploads a file via PHP it gets put in the PHP tmp folder.  Once it completes transferring to the server, the webserver/php will move it to its intended destination.  Hence why it copies the permissions of the initial file... I think that the fix for this would be for you to change PHP's tmp folder and set the permissions on it that you want the end file to have.

    Q: Would it also be possible attach the standard file with the extension?
    A: This is how it used to be, and people complained saying that it wasn't secure. Anyone with the file name would be able to view the file from the web.  This was an attempt at heightening security I highly doubt that they (the devs) would move this backwards.

    Q: but maybe there is a better way...?
    A: I think that if you cannot get the files back, that your best bet would be to remove the attachments from all the tickets.  I've never tried to do this... but I imagine that if you drop the ost_attachment and ost_ticket_attachment tables that you will nuke all the attachments.
Sign In or Register to comment.