≡ Menu

Lighttpd: Beware of Default PHP Session Path Permission [ session.save_path ]

Session support in PHP consists of a way to preserve certain data across subsequent accesses. This enables you to build more customized applications and increase the appeal of your web site.

This path is defined in /etc/php.ini file and all data related to a particular session will be stored in a file in the directory specified by the session.save_path option.

After installing phpMyAdmin I was able to login but unable to select or modify tables. First, I thought I made some configuration errors, and then I reinstalled phpMyAdmin again. It was not working at all.

Finally, php error log file provides me the answer with the following errors:

[26-Jul-2006 13:35:22] PHP Warning:  Unknown: open(/var/lib/php/session/sess_lLFJ,tk9eFs5PGtWKKf559oKFM3, O_RDWR) failed: Permission denied (13) in Unknown on line 0
[26-Jul-2006 13:35:22] PHP Warning:  Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/var/lib/php/session) in Unknown on line 0
[26-Jul-2006 13:35:40] PHP Warning:  Unknown: open(/var/lib/php/session/sess_lLFJ,tk9eFs5PGtWKKf559oKFM3, O_RDWR) failed: Permission denied (13) in Unknown on line 0

/var/lib/php/ has root:apache write permission combination. Since I had migrated from the Apache to Lighttpd web server, I forgot to set correct permission for session directory (php.ini – session.save_path directive). To change file owner and group permission you need to use the chown command as follows:
# chown root:lighttpd /var/lib/php/ -R

Now my phpMyAdmin is working fine.

Share this on:

Your support makes a big difference:
I have a small favor to ask. More people are reading the nixCraft. Many of you block advertising which is your right, and advertising revenues are not sufficient to cover my operating costs. So you can see why I need to ask for your help. The nixCraft, takes a lot of my time and hard work to produce. If you use nixCraft, who likes it, helps me with donations:
Become a Supporter →    Make a contribution via Paypal/Bitcoin →   

Don't Miss Any Linux and Unix Tips

Get nixCraft in your inbox. It's free:



{ 6 comments… add one }
  • itamar May 24, 2007, 1:58 am

    I belive the best option is add lighttpd to group apache.

  • Misinformed February 7, 2008, 4:52 pm

    Genius. Thanks for the tip.

  • Rey April 5, 2009, 1:30 pm

    try chmod 1777 /var/lib/php/session

  • Marcelo August 5, 2010, 9:15 pm

    Excellent!

    Works 100%

    Thanks!

  • Ray April 24, 2012, 9:51 pm

    Rey,
    One would be stupid to set permissions to 777, huge security risk.

    • bob March 18, 2013, 10:17 am

      I agree… on /var/lib/php/session only Apache and root should have write permissions…
      Other may consider this an exploit and do some damage …

Leave a Comment


   Tagged with: , , , , , , , , , ,