Odd permissions issue with php-fpm, session_start failed on some but works on others

Question

Ok, I have php-fpm/apache/apc installed on ubuntu 12.04 with a website running a php shopping cart.

I am getting flooded with perrmissions errors like "Failed to write session data (files). Please verify that the current setting of session.save_path is correct" or "PHP Warning: session_start() .....failed: Permission denied (13) in ..."

And I noticed an interesting problem on the sessionsdata folder that might be a clue to what is happening. Here is a ls -la of the sessionsdata folder

    -rw-rw-r--   1 www-data phpsite     816 Aug 29 16:32 sess_r9tfvubu6stg6v918qp4b7tcg0
    -rw-rw-r--   1 phpsite  phpsite     816 Aug 29 16:32 sess_t99844p7rk6ldk548lplupv485
    -rw-rw-r--   1 www-data phpsite     864 Aug 29 16:30 sess_tdh221j4p6o3pvupc965h6pl56
    -rw-rw-r--   1 www-data phpsite     816 Aug 29 16:31 sess_tdtpp6he2quk7651tsekrhulr5

Now on my apache /etc/apache2/conf.d/php5-fpm file I have

    <FilesMatch ".+\.ph(p[345]?|t|tml)$">
        SetHandler application/x-httpd-php
    </FilesMatch>

    <FilesMatch ".+\.phps$">
        SetHandler application/x-httpd-php-source
        Order Deny,Allow
        Deny from all
    </FilesMatch>


    <FilesMatch "^\.ph(p[345]?|t|tml|ps)$">
        Order Deny,Allow
        Deny from all
    </FilesMatch>

    Action application/x-httpd-php /fcgi-bin/php5-fpm virtual
    Alias /fcgi-bin/php5-fpm /fcgi-bin-php5-fpm

    <Location /fcgi-bin/php5-fpm>
      Order Deny,Allow
      Deny from All
      Allow from env=REDIRECT_STATUS
    </Location>

    FastCgiExternalServer /fcgi-bin-php5-fpm  -appConnTimeout 10 -idle-timeout 300 -socket /tmp/php5-fpm.sock -pass-header Authorization

And on my virtual host file I have

    <IfModule mod_fastcgi.c>
    Alias /fcgi-bin/php5-fpm /fcgi-bin-php5-fpm-phpsite
    FastCgiExternalServer /fcgi-bin-php5-fpm-phpsite -appConnTimeout 10 -idle-timeout 300 -socket /tmp/php5-fpm-phpsite.sock -pass-header Authorization
    </IfModule>

And finally my phpsite Pool file I have

    [phpsite]
    user = phpsite
    group = phpsite
    listen.owner = phpsite
    listen.group = phpsite
    listen = /tmp/php5-fpm-phpsite.sock

and the permissions for the sessionsdata folder is

    drw-rwSr--+  2 phpsite  phpsite 2514944 Aug 29 16:46 .

I can't figure out why some sessions are being written with a www-data:phpsite ownership and others are phpsite:phpsite ownership...

I know my permissions are screwed up somehow but I can't see whats incorrect about them. I am also getting a fopen permissions error on the site too!

Can someone please help me? John

Answer 1

The phpsite user can only update existing sessions - it can't create new ones - chmod u+x yoursessiondatadirectory - looks like you've got PHP running as a module in Apache as well.

There's really no good reason I can think of to run a production system with Apache + php-fpm: use mod_php (and the pre-fork MPM) with Apache. If you re running nginx, G-Wan, Lighttpd, then use php-fpm.