Correct permission for /var/lib/php/sessions ?
Hello !Friendica Admins
What's the correct permission for /var/lib/php/sessions?
On this VPS's Debian 11 the permission was set to 600 and it caused error log entries like this:
[error] 278592#278592: *61 FastCGI sent in stderr: "PHP message: PHP Notice: session_start(): ps_files_cleanup_dir: opendir(/var/lib/php/sessions) failed: Permission denied (13) in /var/www/friendica/src/Core/Session/Type/Native.php on line 54" while reading response header from upstream, client:
I've temporarily changed it to chmod 777 -R /var/lib/php/sessions/. The owner remains unchanged as www-data:www-data.
OldKid
in reply to Andy H3
/var/lib/php/sessions is 733
owner:group are root:root
Andy H3
in reply to Andy H3
Actually, I didn't explain it correctly. On my system, owner:group of /var/lib/php/sessions is root:root, but the files in that directory are www-data:www-data, as I run Friendica under www-data.
Unfortunately 733 and 773 still bring up the error message on my system, whereas only 777 seems to work.
Rebeka Catalina
in reply to Andy H3
Then something else might be the reason. In my case all the contents in /var/lib/php have ownership of root:root, my webserver runs as www-data and php-process runs as a different user again and I also have 733 733 (more precisely 1733 on the sessions folder) and file permissions of 644
Rebeka Catalina
in reply to Andy H3
Does your php-process have proper access on the whole path? Remember: to be able to access a folder properly, executable permission is the minimum for the folders as owner or the group the account has to be member of.
Andy H3
in reply to Rebeka Catalina
Thanks @Rebeka Catalina
Yes, sounds like something might be causing it. I have to investigate this further later on. I'm out of time now, unfortunately.
Rebeka Catalina
in reply to Andy H3
@Andy H3
Well... I give an example:
in my case the user of the php-process does not own any of the directories, nor is the account member of a group that owns the directories. That means that "others" need to have the permission to access every directory on the whole path - so beginning from /.
This can be done by setting 0755 for /var, for /var/lib and the /var/lib/php.
As next step you can set all the directories in /var/lib/php to 0755:
and then as last step for the directories set /var/lib/php/sessions with chmod to 1733. On Debian systems this is per default the only directory with sticky bit set below the /var/lib/php directory.
All the files in /var/lib/php are 0644.
Afterwards it should work.
Andy H3
in reply to Rebeka Catalina
@Rebeka Catalina thank you very much for the detailed explanations! 🙏
I will try this tomorrow and will report back.
Rebeka Catalina
in reply to Andy H3
@Andy H3
I made two mistakes in my explanation above:
- file permissions are 0644
- permission for the sessions folder 1733
I'm a bit tired today 😀
Andy H3
in reply to Rebeka Catalina
@Rebeka Catalina No worries! I'll try once I'm back home in a week or so.
Thanks for your tremendous efforts. Have a good holiday. 😊
Rebeka Catalina
in reply to Andy H3
Thank you - you too 😊
Andy H3
in reply to Rebeka Catalina
@Rebeka Catalina I think I finally got it working!!
So each directory up to /var/lib/php is set to 0755 and all are owned by root:root.
But /var/lib/php/sessions/ is now set to 0700 and is owned by www-data:www-data.
I checked the following:
and saw this:
So this rather strict setting of the session directory is possible with the appropriate owner:group settings.
Thanks to your hints Rebeka, I understand more now about UNIX file types and their notations, as well as sticky, SGID and SUID bits. 👍
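
The modes discussed in this thread, worked through as an added example (not part of any post above, and not Friendica or Debian code): `rights` applies the owner/group/other rule to a mode and reports what a non-root process gets, and `audit` walks a real path from / down with GNU stat. The function names and the uid/gid 33 used for www-data are assumptions of the example; ACLs, AppArmor/SELinux and root's bypass are not modelled.

```shell
#!/bin/sh
# Added example. Simplified model: classic mode bits only (no ACLs, no
# AppArmor/SELinux, no root bypass). uid/gid 33 = www-data is an assumption.

# rights MODE OWNER_UID GROUP_GID PROC_UID "PROC_GIDS" -> e.g. "-wx"
rights() {
    bits=$((0$1)); shift_by=0            # default: "other" class
    if [ "$4" = "$2" ]; then
        shift_by=6                       # owner class applies, even if weaker
    else
        for g in $5; do
            if [ "$g" = "$3" ]; then shift_by=3; fi   # group class
        done
    fi
    t=$(( (bits >> shift_by) & 7 ))
    r=-; w=-; x=-
    if [ $((t & 4)) -ne 0 ]; then r=r; fi   # r: list entries (opendir)
    if [ $((t & 2)) -ne 0 ]; then w=w; fi   # w: create/delete entries
    if [ $((t & 1)) -ne 0 ]; then x=x; fi   # x: traverse, reach files inside
    echo "$r$w$x"
}

# audit ABSOLUTE_PATH USER: rights USER gets on every directory from / down.
# Needs GNU stat (-c), as shipped on Debian.
audit() {
    case $1 in /*) ;; *) echo "need an absolute path" >&2; return 2 ;; esac
    uid=$(id -u "$2") || return 1
    gids=$(id -G "$2")
    p=$1; chain=$1
    while [ "$p" != / ]; do
        p=$(dirname "$p"); chain="$p
$chain"
    done
    echo "$chain" | while read -r d; do
        set -- $(stat -c '%a %u %g' "$d")
        echo "$(rights "$1" "$2" "$3" "$uid" "$gids")  $d"
    done
}

# Modes from the thread, seen by a process running as uid 33 (constructed):
echo "1733 root:root         -> $(rights 1733 0 0 33 33)"    # -wx: no listing
echo "0700 www-data:www-data -> $(rights 0700 33 33 33 33)"  # rwx
echo "0600 www-data:www-data -> $(rights 0600 33 33 33 33)"  # rw-: no traverse
# On a real host: audit /var/lib/php/sessions www-data
```

A result of `-wx` means the process can create and open session files by name but cannot list the directory, which is the operation the opendir() in the logged error performs.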