This questions comes from my poor knowledge of server-side web development, but I'll try to make it as clear as possible in order not to make any mistake in my server configuration.
I have a web application that at the press of a Download button should trigger a php which in turns will write a file to a directory and let the user who clicked download that file.
This directory will store temporary files and should be cleared periodically.
So my doubts are:
/var/www/<my_app>/tmp?)www-data) read and write permissions to this folder?EDIT1
Just saw php passthruw command. Will this be enough for zipped files and let me avoid thinking about the tmp folder and permission?
1) that temp folder could be created wherever you want.
2) when you have a php script and user clicks some button in front-end application and triggers that php script to run, that php script gets executed on behalf of apache2 user which in turn is the 'other - world permission'. (There are users,groups and others). So you should grant write permission to others in order apache2 user(www-data) to write to that directory.
This way you can't upload a file via ftp or sftp or whatever, because with ftp , your user won't be www-data. and remember what you did. you gave the write permission to only www-data.
To better understand this concept, I'd advise you to read the following link and the answer too. File permissions for Laravel 5 (and others)