PHP upgrade always breaks session folder permissions

permissionsPHPphp-fpmyum

Every time I upgrade php (via yum upgrade) on my CentOS box, my /var/lib/session folder ownership becomes root:apache with 600 permissions. I use nginx as my web server. This breaks my site and prevents sessions from being stored.

The fix is simply to chown nginx:nginx the folder. But I have to manually do this every time yum updates php.

I imagine the problem stems from the fact that when I initially set the box up I ran apache. Where can I change this config to "nginx" to fix this issue? I had a look in php.ini but couldn't see anything relevant in there. The session directory is specified, but nothing about the user.

Best Answer

The best way is to use a different session directory for each user/pool.

In php-fpm.d/www.conf (already altered to change the user), and as explained in the comment.

user = foo

; Set session path to a directory owned by process user
php_value[session.save_handler] = files
php_value[session.save_path]    = /var/lib/php/foo/session
php_value[soap.wsdl_cache_dir]  = /var/lib/php/foo/wsdlcache

Thus, these new directories won't be changed on next update.

BTW, there is absolutely no need to change the user, you can use nginx and keep fpm running as apache (especially as most of packaged web applications rely on this)

Related Solutions

Linux – What permissions / ownership to set on PHP Sessions Folder when running FastCGI / PHP-FPM (as user “nobody”)

The correct permissions for us where

chown -R nobody:nogroup /var/lib/php/session

as php-cgi runs as nobody, even though NGinx runs as user nginx

Php – Plesk + Apache + PHP (FastCGI): Constant session permissions problems, conflicts between HTTP / HTTPS

Change your /etc/php.ini file:

session.save_path = "0;0660;/var/lib/php/session"

PHP 5.3.5 mabe will save your session file as -rw-r-- if it does, then you need to edit your application, use the code instead only start_session():

usermod(0);
start_session();

then it will save the session files with -rw-rw-- permission.

You will also need to change your apache group to psacln (your server maybe running as apache:apache because some updated from apache has overwrite the config file).

Edit your httpd.conf

change from:

user = apache
group = apache

To:

user = apache
group = psacln

Now if you change from mod_php to FastCGI and back, you will not have conflict with your session permissions.

Don't forget to restart your apache server after the changes /etc/init.d/httpd restart

If you are using a debian distro, your daemon command will be /etc/init.d/apache restart and your config files will be inside a synonymous folder like /etc/php/apache/php.ini and /etc/apache/httpd.conf or /etc/apache/apache.conf

Best Answer

Related Solutions

Linux – What permissions / ownership to set on PHP Sessions Folder when running FastCGI / PHP-FPM (as user “nobody”)

Php – Plesk + Apache + PHP (FastCGI): Constant session permissions problems, conflicts between HTTP / HTTPS

Related Topic