1

I've just moved a collection of sites over to a brand-new server, running Apache 2.2.3, PHP 5.3, and Plesk 10.1.1. I am having problems with file permissions on PHP sessions, which are being stored in /var/lib/php/session.

I originally set the permissions like so for this folder:

drwxrwx--- 2 apache psacln 8192 Mar 22 23:25 session 

This worked fine for HTTP sessions. Files were being saved in that folder with these permissions:

-rw------- 1 client1 psacln 0 Mar 22 23:24 sess_507...
-rw------- 1 client2 psacln 0 Mar 22 23:25 sess_8o1...

The problem, however, is that PHP scripts accessed via HTTPS do not seem to be run by the same client1 or client2 user. I deleted files in the session directory and accessed a login page via HTTPS to see how sessions were being saved when initiated via this protocol:

-rw------- 1 apache apache 0 Mar 22 23:25 sess_507... 

So, for whatever reason, sessions initiated by clients browsing with HTTPS were being saved by apache:apache, while sessions from HTTP clients were saved with someclient:psacln.

What I'd like to ask:

  1. How can I avoid this problem with session permissions? When sessions are created via unencrypted HTTP and a client visits an HTTPS portion of the site, permission errors are shown, since apache:apache tries to access the session save created by someclient:psacln. The converse is also true.
    1. Can I change the user which runs the Apache HTTPS server, via Plesk or the command line?
    2. If not, can I have PHP sessions save with rw-rw---- permissions, and then add apache to the psacln group?
    3. Any other suggestions on how to fix this issue?

1 Answer

2

Change your /etc/php.ini file:

session.save_path = "0;0660;/var/lib/php/session" 

PHP 5.3.5 maybe will save your session file as -rw-r--. If it does, then you need to edit your application and use this code instead of only session_start():

umask(0); session_start();

Then it will save the session files with -rw-rw-- permission.

You will also need to change your Apache group to psacln (your server may be running as apache:apache because some update from Apache has overwritten the config file).

Edit your httpd.conf.

Change from:

User apache
Group apache

To:

User apache
Group psacln

Now if you change from mod_php to FastCGI and back, you will not have conflicts with your session permissions.

Don't forget to restart your Apache server after the changes: /etc/init.d/httpd restart

If you are using a Debian distro, your daemon command will be /etc/init.d/apache restart and your config files will be inside a synonymous folder like /etc/php/apache/php.ini and /etc/apache/httpd.conf or /etc/apache/apache.conf
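The following added example (not part of the original answer) checks whether session files actually ended up group-shared as the answer intends, and shows how the process umask filters the `0660` given in `session.save_path`. It assumes GNU `stat`; the function names and verdict labels are illustrative.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat (coreutils).

# Mode a new file gets when PHP requests REQ under umask MASK (both octal):
# the MODE field of session.save_path is still filtered by the process umask.
effective_mode() {
    printf '%o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# One verdict per sess_* file in DIR; returns 1 if any file breaks the scheme.
#   EXPOSED    - an "other" permission bit is set (readable outside the group)
#   NOT_SHARED - group is not WANT_GROUP or lacks rw, so the second PHP user
#                (apache vs. the per-client user) gets "permission denied"
audit_sessions() (
    dir=$1 want_group=$2 rc=0
    for f in "$dir"/sess_*; do
        [ -f "$f" ] || continue
        mode=$(stat -c '%a' "$f")
        group=$(stat -c '%G' "$f")
        if [ $(( 0$mode & 07 )) -ne 0 ]; then
            verdict=EXPOSED
        elif [ $(( 0$mode & 060 )) -ne $(( 060 )) ] || [ "$group" != "$want_group" ]; then
            verdict=NOT_SHARED
        else
            verdict=OK
        fi
        [ "$verdict" = OK ] || rc=1
        printf '%s %s %s %s\n' "$verdict" "$mode" "$group" "${f##*/}"
    done
    exit "$rc"
)

# Constructed demo: three session files with the modes discussed above.
demo() {
    d=$(mktemp -d) || return 1
    for m in 600 660 664; do : > "$d/sess_$m"; chmod "$m" "$d/sess_$m"; done
    audit_sessions "$d" "$(stat -c '%G' "$d")" || echo "problems found"
    rm -rf "$d"
}

# With arguments, audit a real directory (e.g. /var/lib/php/session psacln);
# with none, run the constructed demo.
if [ $# -gt 0 ]; then audit_sessions "$@"; else demo; fi
```

Calling PHP's `umask(0)` before `session_start()` also applies to every other file the script creates afterwards; `umask(0007)` yields the same `0660` session files while keeping "other" bits off everything else.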
