phpMyAdmin TempDir warning persists in HestiaCP despite correct permissions and writable path

1

Hello,

On a HestiaCP server (Ubuntu 24.04, Nginx + Apache, PHP-FPM 8.3/8.4), phpMyAdmin shows:

$cfg['TempDir'] (/usr/share/phpmyadmin/tmp/) is not accessible

However, the directory is writable and all checks indicate it is functional.

Environment

  • HestiaCP default stack (Nginx + Apache)
  • PHP-FPM (multiple versions active: 8.3 / 8.4)
  • phpMyAdmin installed in /usr/share/phpmyadmin
  • Access only via Hestia vhost (/phpmyadmin on domains)

root@host:~# curl -sSL https://7j.gg/hcpver | bash -s –
Software Version

OS Ubuntu 24.04.4 LTS
Hestia 1.9.6
Hestia-nginx 1.30.2
Hestia-php 8.4.21
FileGator 7.14.3
Nginx 1.31.2
Apache2 2.4.58
PHP8.4 8.4.22
PHP8.3 8.3.31
Awstats 7.9
Exim4 4.97
Dovecot 2.3.21
Dovecot-sieve 2.3.21
Spamassassin 4.0.0
Clamav 1.4.4
Roundcube 1.6.16
Vsftpd 3.0.5
Bind9 9.18.39
Mariadb 11.4.12
phpMyAdmin 5.2.3
Fail2ban 1.0.2

Current TempDir state

ls -ld /usr/share/phpmyadmin/tmp

Result:

drwxrwx--- hestiamail:www-data /usr/share/phpmyadmin/tmp

Filesystem verification

sudo -u hestiamail test -w /usr/share/phpmyadmin/tmp && echo OK

Result:

OK

Runtime write test

sudo -u hestiamail php -r 'mkdir("/usr/share/phpmyadmin/tmp/test", 0770);'

Result:

(no error, directory created successfully)

Twig cache test

Initially removed:

rm -rf /usr/share/phpmyadmin/tmp/*

Then recreated:

mkdir -p /usr/share/phpmyadmin/tmp/twig
chmod 770 /usr/share/phpmyadmin/tmp/twig
chown -R hestiamail:www-data /usr/share/phpmyadmin/tmp

Result:

directory exists and is writable

However, phpMyAdmin warning persists unchanged.

PHP configuration checks

php -i | grep -E "open_basedir|TempDir"

Result:

  • no relevant open_basedir restriction for /usr/share/phpmyadmin
  • no explicit $cfg['TempDir'] override in Hestia config

phpMyAdmin config

$cfg['UploadDir'] = '';
$cfg['SaveDir'] = '';

No TempDir defined explicitly.

Observed behavior

  • phpMyAdmin loads normally
  • full functionality works (no runtime errors)
  • TempDir is writable and verified via CLI
  • twig directory exists and is writable
  • but UI warning persists:

$cfg['TempDir'] (/usr/share/phpmyadmin/tmp/) is not accessible

Question

Given that:

  • filesystem permissions are correct
  • PHP-FPM user can write to TempDir
  • directories can be created manually and via PHP CLI
  • no open_basedir restrictions apply

Is this a known issue in HestiaCP + phpMyAdmin integration where ServerConfigChecks incorrectly flags TempDir as inaccessible despite valid permissions?

Or is there another layer (config resolution / vhost context / phpMyAdmin check logic) that could cause this mismatch?

Additional observation (Hestia-specific)

My /etc/phpmyadmin directory is owned by:

root:hestiamail

while /usr/share/phpmyadmin/tmp is:

hestiamail:www-data

This differs from the common Debian-based phpMyAdmin expectation (root:www-data), and may be relevant to how ServerConfigChecks evaluates $cfg['TempDir'] in Hestia’s multi-user PHP-FPM environment.

If needed, I can provide nginx/apache vhost configs or phpMyAdmin version details.

Thanks in advance!

2

Hi,

The issue is neither Hestia nor phpMyAdmin, it’s because Sury’s PHP packages introduced systemd hardening that makes /usr/share/phpmyadmin/tmp/ non-writable.

To fix it now:

mkdir -p "/var/lib/phpmyadmin/tmp"
chown -R hestiamail:www-data "/var/lib/phpmyadmin/tmp"
echo "<?php" > "/etc/phpmyadmin/conf.d/02-tempdir.php"
echo "\$cfg['TempDir'] = '/var/lib/phpmyadmin/tmp';" >> "/etc/phpmyadmin/conf.d/02-tempdir.php"

A PR has already been merged to fix it in the next release.

3

Thanks a lot @sahsanu!! Also for the PR..