[Bug] tmp_path = "../tmp"

[av-marcel-becker]

What happened?

I use Plesk and Plesk creates a web folder "httpdocs" so that the tmp folder is not public I changed the web directory to "httpdocs/docroot" and added the following in the config.ini.php under [General]: tmp_path = "../tmp" however it does not use the tmp folder in the previous directory, but instead creates "docroot.." in the previous directory and uses "docroot../tmp"
so there is:
httpdocs/docroot/
httpdocs/docroot../tmp

What should happen?

correct would be:
httpdocs/tmp

How can this be reproduced?

config.ini.php
[General] tmp_path = "../tmp"

Matomo version

5.1.0

PHP version

8.2.21

Server operating system

Linux Ubuntu

What browsers are you seeing the problem on?

No response

Computer operating system

No response

Relevant log output

No response

Validations

• Read our Contributing Guidelines.
• Follow our Security Policy.
• Check that there isn't already an issue that reports the same bug to avoid creating duplicates.
• The provided steps to reproduce is a minimal reproducible of the Bug.

[sgiehl]

Is there a specific reason why you want to move away the tmp directory? This should normally not really be needed.

It should though be possible using the config property you mentioned. But the config is simply appended to the detected document root. So if your document root is httpdocs/docroot and the config is ../tmp, the result will be httpdocs/docroot../tmp. So you might need to configure /../tmp to end up with httpdocs/docroot/../tmp, which should result in httpdocs/tmp

[av-marcel-becker]

the system check showed that various files should not be publicly accessible.

some of them were removed with the suggested nginx settings, but 2 files remained. (https://github.com/matomo-org/matomo-nginx/tree/master/sites-available)

nothing worked using the console command. (./console core:create-security-files) (https://matomo.org/faq/troubleshooting/how-do-i-fix-the-error-private-directories-are-accessible/)

so config/config.ini.php and tmp/cache/tracker/matomocache_general.php remained

I tried to restrict the permissions here, it worked for config.ini.php but not matomocache_general.php because the file is constantly being recreated and gets the old permissions. So the idea came up to move tmp folder and not make it publicly accessible.

I don't know why it works now, I tested this before and it resulted in an error, now the solution works. (confusing)
[General] tmp_path = "/../tmp"

[sgiehl]

Note: The security files generated by ./console core:create-security-files are only for apache and iis. So if you are using nginx that might not work.

[av-marcel-becker]

Thanks for the answer and the hint.

Maybe it would be a good idea to just leave the public files in the web directory and move everything else out of there, then you wouldn't need the additional Nginx entries. There would be no other problems, such as distributing permissions. It could also be that I'm just making it too complicated, idk.