#1
26th November 2014, 12:42
gring
Member
Join Date: Mar 2009
Posts: 53
Thanks: 2
Thanked 3 Times in 3 Posts

[BUG] Write permissions to tmp folder

Hi, I'm using 3.0.5.4p2, so sorry if this has been solved in p5 (will update tonight).

When creating a website, php sessions won't work because the tmp directory doesn't have the write permissions for everybody.

Code:
 PHP Warning:  session_start(): open(/data/sites/clients/client12/web71/tmp/sess_5o892q2ubbn34td26rdsbh66d4, O_RDWR) failed: Permission denied (13) in ...

#2
26th November 2014, 12:48
till
Super Moderator
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,794
Thanks: 840
Thanked 5,612 Times in 4,423 Posts

The temp directory may not have write permissions for everybody and writing to website tmp works fine here in p4.

Just a guess, you changed php mode of the site or switched on / off suexec without closing a browser window that has this site open. What happens then is that php tries to reuse a session file that it has written under a different user before. Change permission of the tmp folder back, then close your browser and open it again so php creates a new session.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.

#3
26th November 2014, 13:40
gring

I was using Adminer on a fresh site with mod_php (suexec switched off).

The tmp directory belongs to web71:client12.

The session files are created by the http server (www-data:www-data).
How could it create them if it doesn't have write authorisation for the tmp folder?

Last edited by gring; 26th November 2014 at 13:48.

#4
26th November 2014, 13:52
till

mod_php should not be used anymore: it allows a hacker (or a client that wants to harm you) to go from one site to all other sites easily, as it runs all sites under the same user. Please switch the site to either php-fpm or php-fcgi and switch suexec on (see the ISPConfig manual for details on recommended PHP versions). If you really want to use mod_php, then you have to replace the normal Apache with a version that uses the mpm-itk module.

#5
26th November 2014, 14:02
gring

Thanks, I wasn't aware of that.

Sites created with previous ispconfig versions and mod_php had indeed 777 authorisations on the tmp folder.

#6
26th November 2014, 14:04
till

You might also want to check that the security mode under System > server config > web is set to high.

#7
26th November 2014, 15:17
gring

Switching to PHP-FPM gives the following error:

Code:
(13)Permission denied: FastCGI: failed to connect to server "/data/sites/clients/client12/web71/cgi-bin/php5-fcgi-*-80-<host>": connect() failed
FastCGI: incomplete headers (0 bytes) received from server "/data/sites/clients/client12/web71/cgi-bin/php5-fcgi-*-80-<host>"

And since mod-php is still available, is there really a good reason to restrict write to the tmp directory?

Last edited by gring; 26th November 2014 at 15:22.

#8
26th November 2014, 15:39
till

Most likely you don't have a php-fpm daemon installed yet. Try to use fcgi instead, as the fcgi mode has been available for a longer time, so fcgi should be installed even on older installations.

Quote:
is there really a good reason to restrict write to the tmp directory ?
Yes, other sites would be able to manipulate php session data to get access to the system installed on that site.

#9
26th November 2014, 16:32
gring

The php-fpm daemon was installed.

Following instructions from elsewhere, in

/etc/php5/fpm/pool.d/web71.conf

I changed :
listen.mode = 0660

to :
listen.mode = 0666

and restarted the php-fpm service.

It works, but I don't have a clue about what this does.
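
A defensive check for the two permission settings this thread turns on, the site tmp directory (post #8) and the PHP-FPM pool's listen.mode (post #9), as an added example that is not part of the original posts and is not ISPConfig's code. The function names are hypothetical and GNU stat is assumed.

```shell
#!/bin/sh
# Added example, not ISPConfig code. Assumes GNU stat (Debian/Ubuntu).

# Print the octal permission bits of a path, e.g. 770 or 1777.
perm_of() {
    stat -c '%a' "$1"
}

# Succeed when the last ("other") digit of an octal mode has the write bit.
other_can_write() {
    last=${1#"${1%?}"}
    [ $(( last & 2 )) -ne 0 ]
}

# A tmp/session directory writable by "other" lets any local account,
# including another site's PHP user, create files next to the sess_* files.
check_tmp_dir() {
    if other_can_write "$(perm_of "$1")"; then
        echo "WORLD-WRITABLE"
    else
        echo "OK"
    fi
}

# listen.mode is the permission set on the pool's unix socket.
# Print the last value found in a pool file, or "unset" if there is none.
pool_listen_mode() {
    mode=$(sed -n 's/^[[:space:]]*listen\.mode[[:space:]]*=[[:space:]]*\([0-7]\{1,\}\).*/\1/p' "$1" | tail -n 1)
    echo "${mode:-unset}"
}

# On Linux, connect() to a unix socket needs write permission on it, so
# 0660 admits only listen.owner and listen.group while 0666 admits everyone.
check_pool_socket() {
    mode=$(pool_listen_mode "$1")
    if [ "$mode" = "unset" ]; then
        echo "UNSET"
    elif other_can_write "$mode"; then
        echo "WORLD-CONNECTABLE ($mode)"
    else
        echo "OK ($mode)"
    fi
}

# Usage: sh audit.sh <site tmp dir> <pool conf file>
if [ "$#" -eq 2 ]; then
    echo "tmp:  $(check_tmp_dir "$1")"
    echo "pool: $(check_pool_socket "$2")"
fi
```

A narrower alternative to 0666 is to keep listen.mode at 0660 and set the pool's listen.owner and listen.group so that the web server's account is one of the two.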