Topic: Information: php 5.4.26 session path permission

Hi, just a note to anyone running a similar config as I am.
I'm running nginx & php-fpm as the user "nginx"

The php 5.4.26 update changed the group ownership of: /var/lib/php/session
From root:nginx to root:apache

Therefore php-fpm could not write session data.
Simply changing back the permission fixed the issue: "chgrp nginx /var/lib/php/session"

Hope this is useful to someone!
P.S. downgrading php to the previous version did not work, the ownership was not restored...

PHP message: PHP Warning:  session_write_close(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/var/lib/php/session)
[error] FastCGI sent in stderr: "PHP message: PHP Warning:  session_start(): open(/var/lib/php/session/sess_xxxxxxxxxxxxxxxxxxxxxxxxxx, O_RDWR) failed: Permission denied

Re: Information: php 5.4.26 session path permission

No, this is not the correct solution

In default provided pool configuration (/etc/php-fpm.d/www.conf)

...
user = apache
...
; Set session path to a directory owned by process user
php_value[session.save_handler] = files
php_value[session.save_path]    = /var/lib/php/session
php_value[soap.wsdl_cache_dir]  = /var/lib/php/wsdlcache
...

Which is consistent and works out of the box.

If you change default pool configuration or create another pool using another user, you must use another directory.
Ex:

...
user = foo
...
; Set session path to a directory owned by process user
php_value[session.save_handler] = files
php_value[session.save_path]    = /var/lib/php/foo-session
php_value[soap.wsdl_cache_dir]  = /var/lib/php/foo-wsdlcache
...

And if you run various pools under various user accounts, you must use 1 different directory per user.

Laptop:  Fedora 38 + rpmfusion + remi (SCL only)
x86_64 builder: Fedora 39 + rpmfusion + remi-test
aarch64 builder: RHEL 9 with EPEL
Hosting Server: CentOS 8 Stream with EPEL, rpmfusion, remi
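
Added example, not part of the original posts and not the packager's code: a small audit of the rule above that every pool user needs its own session directory. It assumes one pool per `*.conf` file; the function names and the sample pool files are constructed for illustration.

```shell
#!/bin/sh
# Added example: find session.save_path directories shared by pools running as different users.
# Assumes one pool per *.conf file; function names are hypothetical.

# pool_sessions DIR: print "user<TAB>save_path" for every pool file in DIR.
pool_sessions() {
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        awk -F= '
            /^[ \t]*;/ { next }   # skip comment lines
            { key = $1; val = $2
              gsub(/[ \t]/, "", key)
              gsub(/^[ \t]+|[ \t]+$/, "", val) }
            key == "user" { user = val }
            key ~ /^php_(admin_)?value\[session\.save_path\]$/ { path = val }
            END { if (user != "" && path != "") printf "%s\t%s\n", user, path }
        ' "$f"
    done
}

# shared_session_dirs DIR: print each save_path used by more than one distinct user.
shared_session_dirs() {
    pool_sessions "$1" | awk -F'\t' '
        !seen[$2 FS $1]++ { users[$2] = users[$2] (n[$2]++ ? "," : "") $1 }
        END { for (p in n) if (n[p] > 1) printf "%s used by %s\n", p, users[p] }
    ' | sort
}

# make_sample DIR: write constructed pool files (not taken from a real system).
make_sample() {
    printf 'user = apache\nphp_value[session.save_path]    = /var/lib/php/session\n' > "$1/www.conf"
    printf '; pool switched to nginx, directory left at the default\nuser = nginx\nphp_value[session.save_path] = /var/lib/php/session\n' > "$1/site.conf"
    printf 'user = foo\nphp_value[session.save_path] = /var/lib/php/foo-session\n' > "$1/foo.conf"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
shared_session_dirs "$demo_dir"   # prints: /var/lib/php/session used by nginx,apache
rm -rf "$demo_dir"
```

On a real host, point `shared_session_dirs` at `/etc/php-fpm.d`; any directory it reports should be split into one directory per pool user, as in the `foo` example above.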

Re: Information: php 5.4.26 session path permission

Additional notice, php-fpm now provides /var/lib/php/session, because of Bug #1069790

And changing this dir ownership is not a solution. It will be restored to default on each PHP update.


4 (edited by Per Hansson 2014-03-09 09:53:07)

Re: Information: php 5.4.26 session path permission

Thank you for clarifying Remi!
Merci :)

P.S: on my system the dir "wsdlcache" is not created.
From the bugreport: "php-fpm should provide /var/lib/php/session and also /var/lib/php/wsdlcache"

Re: Information: php 5.4.26 session path permission

/var/lib/php/wsdlcache is only used by php >= 5.5 (small security improvement)
