
Linux, Unix, and *nix like Operating Systems Forum

    
session.save path permissions (ubuntu 10.04, PHP 5.3.2)
Best practice for session folder permissions?
max4




msg:4173688
 10:40 pm on Jul 20, 2010 (gmt 0)

Hi,

I'm running a LAMP server using PHP Version 5.3.2-1ubuntu4.2 on ubuntu 10.04. Does anyone know what the default permissions are for the session folder (defined in php.ini)? I modified these recently to 777 because of a warning I periodically received; however, this warning didn't hinder the site's functionality at all. I was reading a few articles, and a 777 permission allows for session hijacking; so I would like to revert to the original configuration. I think it was 766 from what I could remember, but setting the session folder to 766 throws the following warnings:


[Tue Jul 20 16:15:24 2010] [error] [client x.x.x.x] PHP Warning: session_start(): open(/path/to/folder/sess_neruoouifriqvrspo41hllg7m4, O_RDWR) failed: Permission denied (13) in /var/www/index.php on line 3, referer: https://www.example.com/
[Tue Jul 20 16:15:24 2010] [error] [client x.x.x.x] PHP Warning: Unknown: open(/path/to/folder/sess_neruoouifriqvrspo41hllg7m4, O_RDWR) failed: Permission denied (13) in Unknown on line 0, referer: https://www.example.com/
[Tue Jul 20 16:15:24 2010] [error] [client x.x.x.x] PHP Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/path/to/folder) in Unknown on line 0, referer: https://www.example.com/


When I exec('whoami'); I get www-data. So I attempted the following:

chown root:www-data /path/to/folder -R

But still no cigar. What is the best practice for setting up php session permissions and how do I go about accomplishing that? Thank you very much for any help in this matter

Sincerely,
Max

 

max4




msg:4173710
 11:29 pm on Jul 20, 2010 (gmt 0)

Okay, so here's an update. I made www-data the owner of the folder:

chown www-data:www-data /path/to/folder -R

And set the permissions to 766.

The sessions are working again; however, I am not sure if this is best practice. Any ideas?

Thanks

Sincerely,
Max

lammert




msg:4173798
 3:04 am on Jul 21, 2010 (gmt 0)

The user under which Apache/PHP is running should be the owner of the directory. Furthermore, because the session files in the directory may contain sensitive information, the best practice is to limit access by other users as much as possible.

In your situation, where Apache is apparently running as user www-data, you can achieve that by changing the owner of the directory to www-data (which you already did) and changing the permissions to 700.
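
An added example, not part of the thread: a shell check for the advice above that reports what each group/other permission bit on the session directory allows, and passes only when the directory belongs to the PHP user and grants nothing to anyone else. It assumes GNU stat as on Ubuntu; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU stat (as on Ubuntu).
# Function names are hypothetical.

# report_bits WHO DIGIT: say what one octal digit grants on a directory.
# Returns 1 if any bit is set, 0 if the digit is 0.
report_bits() {
    [ "$2" -eq 0 ] && return 0
    [ $(( $2 & 4 )) -ne 0 ] && echo "  $1: r = can list sess_<id> file names"
    [ $(( $2 & 2 )) -ne 0 ] && echo "  $1: w = can create/delete entries (with x)"
    [ $(( $2 & 1 )) -ne 0 ] && echo "  $1: x = can enter and open files by name"
    return 1
}

# audit_session_dir DIR OWNER   (OWNER is a user name or numeric uid)
# Returns 0 if DIR belongs to OWNER and grants nothing to group/other,
# 1 if it is mis-owned or exposed, 2 if DIR is not a directory.
audit_session_dir() {
    [ -d "$1" ] || { echo "not a directory: $1"; return 2; }
    mode=$(printf '%04d' "$(stat -c '%a' "$1")")   # 700 -> 0700
    owner=$(stat -c '%U' "$1")
    uid=$(stat -c '%u' "$1")
    rc=0
    echo "$1: mode $mode, owner $owner"
    if [ "$owner" != "$2" ] && [ "$uid" != "$2" ]; then
        echo "  owner should be $2 (the user PHP runs as)"
        rc=1
    fi
    report_bits group "$(printf '%s' "$mode" | cut -c3)" || rc=1
    report_bits other "$(printf '%s' "$mode" | cut -c4)" || rc=1
    return "$rc"
}

# Demo on a throwaway directory (constructed sample, not a real save path).
demo() {
    d=$(mktemp -d) || return 1
    for m in 777 766 700; do
        chmod "$m" "$d"
        audit_session_dir "$d" "$(id -u)" && echo "  OK: private to owner"
    done
    rmdir "$d"
}
demo
```

On the server from the thread the call would be `audit_session_dir /path/to/folder www-data`.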
