CentOS/Redhat PHP updates break sessions with suPHP

Posted: 2013-12-12 12:50:14 by Alasdair Keyes

Direct Link |

With the recent PHP update for Redhat/CentOS in the past few days, it's brought to light a problem I've seen before and always forget about.

When the PHP RPM is installed it updates the permissions on the PHP session directory back to the defaults...

# stat /var/lib/php/session | grep Uid
Access: (0770/drwxrwx---)  Uid: (    0/    root)   Gid: (   48/  apache)

Like many I run suPHP, so all my sites use different users to execute. This will break sessions for all sites on my server as only root/apache can write to that folder.

As a fix, I've updated the PHP session path to be a custom location and set permissions as 1777.

mkdir /var/lib/php/mynewsessionfolder
chmod 1777 /var/lib/php/mynewsessionfolder

Then create a file called /etc/php.d/customsession.ini with the text

session.save_path = /var/lib/php/mynewsessionfolder

The permissions 1777 means that the folder is world read/writeable but when a user creates a file it is created as 600 permissions so only they can read/write to it

# ls -l /var/lib/php/mynewsessionfolder
total 4
-rw------- 1 auser auser 377 Dec 12 12:45 sess_6pjpshqnr06egukas50s0mhjk6

Next time PHP updates it will reset permissions on the standard session folder, but won't affect you

If you found this useful, please feel free to donate via bitcoin to 1NT2ErDzLDBPB8CDLk6j1qUdT6FmxkMmNz