2

I have a VPS running on CentOS 5 with Plesk 9.
My website us running on FastCGI.

I'm having problems reading / writing sessions. On my servers error_log I get the following errors:

(...) Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/var/lib/php/session) in Unknown on line 0  

(...) open(/var/lib/php/session/sess_v8g5rt6p83b9one3mlg9sh9ts0, O_RDWR) failed: Permission denied (13) in Unknown on line 0

I'm tempted to change

session.save_path = "/var/lib/php/session"
to
session.save_path = "/tmp"

The problem is that /tmp has chmod 777, so I'm not sure if this is the best way to go?

Update
The session dir has the following rights: -rwxrwx--- User root Group apache

Steven
  • 275
  • 2
  • 9
  • 21

2 Answers2

7

Why don't you fix the permissions on /var/lib/php/session? This directory simply needs to be writeable by the httpd user (which, depending on your os, may be something like www-data or apache; look for the User directive in your httpd.conf).

The commands will look something like:

chown apache /var/lib/php/session
chmod 700 /var/lib/php/session

This makes the directory writeable by the apache user, and generally inaccessible to everyone else.

larsks
  • 43,623
  • 14
  • 121
  • 180
  • I think my `session` dir already has 770 (`-rwxrwx---`). User is `root` and group is `apache` – Steven Jan 25 '11 at 02:50
  • httpd.conf says that user and group is `apache`. – Steven Jan 25 '11 at 02:51
  • 1
    Do you have your FastCGI environment configured to run your applications under a different user ID? If you temporarily change the permissions to mode 777, then allow PHP to create a session file, you can then look at the ownership on that file to see for certain -- and then use that information to correctly set the permissions on the session directory. – larsks Jan 25 '11 at 03:02
  • +1 - this is the better option – Mark Henderson Jan 25 '11 at 03:12
  • 1
    Brilliant. Worked like a charm! This will significantly reduce the error_log entries :) – Steven Jan 25 '11 at 09:11
1

This happened to me after I switched to running php using fcgi to solve permissions problems. Prior to this change, php scripts ran as apache:apache which resulted in permissions errors (unless you chmod 777'd all directories which is very dangerous). After switching to the fcgi method of running php, php scripts now run as user group psacln, however the /var/lib/php/session directory was still owned by root:apache. My solution was to chown root:psacln /var/lib/php/session ; chmod 770 /var/lib/php/session

Donald Burr
  • 111
  • 4