I need to know where the uploaded files are sent when a user upload a file like an image through php. The files are written direct to the destination directory in scripts or they uploaded to an tmp directory? In this case, would be nice if tmp directory were mounted with flags noexec
and nosuid
. With FPM PHP and NGINX, this is necessary? when I list the content of the directory /tmp
while I upload an file, the directory is showing empty.
PS: the script is running as user that owner directory. I change the var tmp_upload_di
r and when a file is uploaded, the directory still empty.