Unable to List Contents or Create Files in /var/tmp Folder from PHP Executed Bash Script

cg flag

I have posted the question here as well

Objective: I want to trigger a webhook on a private linux-machine (its a local system not connected to internet), which can delete the spool data generated by CUPS server in /var/tmp folder.

To achieve this

Approach1 I 1st checked the default CUPS configuration files and edited the files there. Lines like in /etc/cups/cupsd.conf

PreserveJobFiles No

and in /etc/cups/cups-files.conf

RequestRoot /var/tmp

I thought changing the PreserveJob to no will automatically delete the cups spool files once the printing is finished.

Well, Approach-1 didn't worked so I tried approach-2

Approach2: I have a Ubuntu 22.04 machine with Apache and PHP installed. I have set up a new virtual host, "," with the DocumentRoot set to /var/www/

Within this directory, I have an index.php file that successfully serves content to the web browser.

From this index.php file, I am calling a bash-script located in my home directory. The bash script contains the following commands:


echo "Hello, I am above the ls command"
ls /var/tmp/

echo "Hello, I am below the ls command"
touch example.txt

rm -rf /var/tmp/cn*

echo "I am below the touch command"

The bash script is being executed, and I can see the output on the web browser for the echo statements. However, I am unable to list the contents of the /var/tmp folder or create a file within it.

Here are the changes I have tried, but none have resolved the issue:

  1. I have tried using both relative and absolute paths for ls & touch in the bash-script.

  2. I added the "www-data" user to the sudoers file under the "%sudo" line.

www-data ALL=(ALL) NOPASSWD: /home/example/                                                        
www-data ALL=(ALL) NOPASSWD: /var/tmp
  1. I changed the permissions of the bash script to be owned by the "www-data" user.
drwxrwxrwx  5 www-data www-data    6 Jun  6 08:39
  1. I changed the permissions of the /var/tmp folder to be accessible by the "www-data" user.
drwxrwxrwt  5 www-data www-data    6 Jun  6 08:39 tmp
  1. I removed the sticky bit from the /var/tmp folder and set its permissions to 777.
drwxrwxrwx  5 www-data www-data    6 Jun  6 08:39 tmp

I granted full permissions to the bash script and its parent directory.

When I check from the command line, I am able to list and create files in /var/tmp using www-data user like

root@cups-lxc-at-ct:~/instantpost# sudo -u www-data touch /var/tmp/cnijb
root@cups-lxc-at-ct:~/instantpost# sudo -u www-data ls /var/tmp

The ACL on /var/tmp is

root@cups-lxc-at-ct:~/instantpost# getfacl /var/tmp
getfacl: Removing leading '/' from absolute path names
# file: var/tmp
# owner: root
# group: root
# flags: --t

I checked the AppArmor:

sudo apparmor_status

I got this output

root@cups-machine:~# sudo apparmor_status                       
apparmor module is loaded.
11 profiles are loaded.
11 profiles are in enforce mode.
0 profiles are in complain mode.
0 profiles are in kill mode.
0 profiles are in unconfined mode.
0 processes have profiles defined.
0 processes are in enforce mode.
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
0 processes are in mixed mode.
0 processes are in kill mode.

=> Interestingly, I have tested the same method with a different folder eg: /usr, /usr/example, /tmp/example, /home/example, etc..., and it worked successfully.

I am struggling to understand why I am encountering this issue specifically with the default /var/tmp folder. Any insights or suggestions would be greatly appreciated.

Marco avatar
br flag
is `/var` or `/var/tmp`part of the root filesystem or is `/var` or `/var/tmp` an own mount? Check mount options.
Marco avatar
br flag
Besides this, your bash script opens some security problems. You use a wildcard without correct quoting for files which can be written by any user.
Sheikh Muhammed Tadeeb avatar
cg flag
Yes, /var/tmp is part of the filesystem
Kamil Maciorowski avatar
cn flag
Please [do not cross-post](

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.