Hi,
I'm running a LAMP server using PHP Version 5.3.2-1ubuntu4.2 on Ubuntu 10.04. Does anyone know what the default permissions are for the session folder (defined in php.ini)? I modified these recently to 777 because of a warning I periodically received; however, this warning didn't hinder the site's functionality at all. I was reading a few articles, and a 777 permission allows for session hijacking, so I would like to revert to the original configuration. I think it was 766 from what I could remember, but setting the session folder to 766 throws the following warnings:
[Tue Jul 20 16:15:24 2010] [error] [client x.x.x.x] PHP Warning: session_start(): open(/path/to/folder/sess_neruoouifriqvrspo41hllg7m4, O_RDWR) failed: Permission denied (13) in /var/www/index.php on line 3, referer: https://www.example.com/
[Tue Jul 20 16:15:24 2010] [error] [client x.x.x.x] PHP Warning: Unknown: open(/path/to/folder/sess_neruoouifriqvrspo41hllg7m4, O_RDWR) failed: Permission denied (13) in Unknown on line 0, referer: https://www.example.com/
[Tue Jul 20 16:15:24 2010] [error] [client x.x.x.x] PHP Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/path/to/folder) in Unknown on line 0, referer: https://www.example.com/
When I exec('whoami'); I get www-data. So I attempted the following:
chown root:www-data /path/to/folder -R
But still no cigar. What is the best practice for setting up PHP session permissions, and how do I go about accomplishing that? Thank you very much for any help in this matter.
Sincerely,
Max
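
Added example, not part of the original post: a shell check that reads a session directory's mode bits and reports why 777 is risky and why 766 produces the "Permission denied" warnings above. The function name and finding labels are made up for this illustration; 1733 is included for comparison as the mode the Debian/Ubuntu PHP packages set on /var/lib/php5, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the original post): flag risky or broken mode bits
# on a PHP session.save_path directory. Assumes GNU stat, as on Ubuntu.

audit_session_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "not-a-directory"; return 2; }
    m=$(stat -c '%a' "$dir") || return 2
    mode=$((0$m))                  # leading 0: parse the mode as octal
    g=$(( (mode >> 3) & 7 ))       # group rwx bits
    o=$(( mode & 7 ))              # other rwx bits
    findings=""

    # On a directory, w without x cannot be used: creating or opening
    # sess_* inside needs search (x) permission. This is what 766 does.
    for bits in "$g" "$o"; do
        if [ $((bits & 2)) -ne 0 ] && [ $((bits & 1)) -eq 0 ]; then
            findings="$findings write-without-search"
            break
        fi
    done
    # World-writable without the sticky bit (01000 = 512): any local user
    # can delete or replace another user's session files.
    if [ $((o & 2)) -ne 0 ] && [ $((mode & 512)) -eq 0 ]; then
        findings="$findings world-writable-no-sticky"
    fi
    # World-readable: any local user can list sess_<id> names (session IDs).
    if [ $((o & 4)) -ne 0 ]; then
        findings="$findings world-listable"
    fi

    [ -n "$findings" ] || findings=" ok"
    echo "${findings# }"
}

# Demo on constructed directories: the two modes from the post, plus 1733.
demo=$(mktemp -d)
for perm in 777 766 1733; do
    mkdir "$demo/$perm" && chmod "$perm" "$demo/$perm"
    printf '%-5s %s\n' "$perm" "$(audit_session_dir "$demo/$perm")"
done
rm -rf "$demo"
```

A result of "ok" only means none of these three mode-bit problems is present; ownership still has to let the web server user (www-data here) write and search the directory.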