3

I have set up a custom php.ini for a dev site (the production site will eventually be on the same server) - it sets the session.save path to a directory specific to the site.

You can see the result at https://dev.permaculture.org.nz/info1.php (will be moved or removed once problem is solved).

However, I am still getting permission denied errors for session files attempting to be written to /var/lib/php/session Firstly, I can't understand why the "Master" and "local" values aren't the other way round. Secondly, I've no idea where the "local" value for session.save.path is coming from: I have located three php.ini files on the server: /etc/php.ini /opt/remi/php56/root/etc/php.ini /var/www/dev.permaculture.org.nz/etc/php.ini

The second uses /tmp, and I've also set the first to /tmp The third specifies /var/www/dev.permaculture.org.nz/php/session - which is, as required, owned by the process owner.

The errors are causing a fatal error for phpmyadmin.

Richard Grevers
  • 167
  • 1
  • 12

2 Answers2

1

Solved after further research (https://stackoverflow.com/questions/19520744/what-is-the-difference-between-local-value-and-master-value)

The overriding setting was in /etc/httpd/conf.d/php.conf While that has comments that it is overridden by individual virtualhost directives, it appears that php.ini settings do not override. The problem vanished when I commented it out.

Community
  • 1
Richard Grevers
  • 167
  • 1
  • 12
0

1st, your installation (centos 6 ?) seems a real mess.

Do you really need 3 php installations ?

  • base system php 5.6.27, which seems the default one used (from your phpinfo) => /etc/php.ini
  • SCL package in /opt/remi/php56/root/etc/php.ini
  • build from sources in /var/www/dev.permaculture.org.nz/etc/php.ini

Have you read the comment in php.ini ?

; RPM note : session directory must be owned by process owner
; for mod_php, see /etc/httpd/conf.d/php.conf
; for php-fpm, see /etc/php-fpm.d/*conf

/etc/httpd/conf.d/php.conf is the correct place to set session path for the "apache" user, /etc/php.ini is the worst, as shared by all users, this can only raise permissions issues (session created by 1 user, cleaned by another)

Remi Collet
  • 2,061
  • 1
  • 11
  • 12
  • I don't have three php installations. The server will host test, staging and production versions of one website. Obviously the test and production sites should have different php configs when it comes to error reporting etc, so I specified custom php.ini files in the vhost containers for each subdomain. There was no "build from source". as to the first two, the installable distro, CentOS 6.5 came with php5.4 included. After upgrading to 6.8, we still didn't have the php 5.6 required by the CMS, so I followed the standard instructions to install it (from your repo!). – Richard Grevers Mar 06 '17 at 09:16
  • ...I trust in YUM to do the right thing. If I have ended up with two php installs, I don't understand how both would be 5.6. Also, apache is running as the user which owns the site, which has generally minimised ownership and permissions issues. – Richard Grevers Mar 06 '17 at 09:24
  • You obviously have 2 php installed, as you have /etc/php.ini (from php-common) and /opt/remi/php56/root/etc/php.ini (from php56-php-common). Second one can probably be removed. And then the right place to configure session.save_path is in the vhost configuration file. – Remi Collet Mar 06 '17 at 11:03