Correct permission for /var/lib/php/sessions ?
Hello !Friendica Admins
What's the correct permission for /var/lib/php/sessions?
On this VPS's Debian 11 the permission was set to 600 and it caused this error log entries like this:
[error] 278592#278592: *61 FastCGI sent in stderr: "PHP message: PHP Notice: session_start(): ps_files_cleanup_dir: opendir(/var/lib/php/sessions) failed: Permission denied (13) in /var/www/friendica/src/Core/Session/Type/Native.php on line 54" while reading response header from upstream, client:I've temporarily changed it to chmod 777 -R /var/lib/php/sessions/. The owner remains unchanged as www-data:www-data.
OldKid
in reply to Andy H3 • • •/var/lib/php/sessionsis733owner:group areroot:rootAndy H3
in reply to OldKid • • •Andy H3
in reply to Andy H3 • • •Actually, I didn't explain it correctly. On my system, owner: group of
/var/lib/php/sessionsisroot:root, but the files in that directory arewww-datat:www-data, as I run Friendica underwww-data.Unfortunately
733and773still bring up the error message on my system, whereas only777seems to work.Rebeka Catalina
in reply to Andy H3 • •Then something else might be the reason. In my case all the contents in /var/lib/php have ownership of
root:root, my webserver runs as www-data and php-process runs as a different user again and I also have 733 733 (more precisely 1733 on the sessions folder) and file permsions of 644Friendica Admins reshared this.
Rebeka Catalina
in reply to Andy H3 • •Does your php-process have proper access on the whole path? Remember: to able to access a folder properly executable permission is the minimum for the folders as owner or the group the account has to be member of.
Friendica Admins reshared this.
Andy H3
in reply to Rebeka Catalina • • •Thanks @Rebeka Catalina
Yes, sounds like something might be causing it. I have to investigate this further later on. I'm out of time now, unfortunately.
Friendica Admins reshared this.
Andy H3
in reply to Rebeka Catalina • • •Friendica Admins reshared this.
Rebeka Catalina
in reply to Andy H3 • •@Andy H3
Well... I give an example:
in my case the user of the php-process does not own any of the directories, nor is the account member of a group that owns the directories. That means that "others" need to have the permission to access every directory on the whole path - so beginning from /.
This can be done by setting 0755 for
/var, for/var/liband the/var/lib/php.As next step you can set all the directories in /var/lib/php to 0755:
and then as last step for the directories set
/var/lib/php/sessionswith chmod to 1733. On Debian systems this is per default the only directory with sticky bit set below the /var/lib/php directory.All the files in
/var/lib/phpare 0644Afterwards it should work.
Friendica Admins reshared this.
Andy H3
in reply to Rebeka Catalina • • •@Rebeka Catalina thank you very much for the detailed explanations! 🙏
I will try this tomorrow and will report back.
Rebeka Catalina likes this.
Friendica Admins reshared this.
Rebeka Catalina
in reply to Andy H3 • •@Andy H3
I made two mistakes in my explanation above:
- file permissions are 0644
- permission for the sessions folder 1733
I'm a bit tired today
Friendica Admins reshared this.
Andy H3
in reply to Rebeka Catalina • • •@Rebeka Catalina No worries! I'll try once I'm back home in a week or so.
Thanks for your tremendous efforts. Have a good holiday. 😊
Rebeka Catalina likes this.
Friendica Admins reshared this.
Rebeka Catalina
in reply to Andy H3 • •Thank you - you too 😊
Friendica Admins reshared this.
Andy H3
in reply to Andy H3 • • •