rm -rf cannot delete session files

Question

1. list the files in session dir

$ /var/lib/php/sessions$ sudo ls -la
total 20
drwx-wx-wt 2 root     root     12288 May 20 14:26 .
drwxr-xr-x 4 root     root      4096 Feb 26 21:15 ..
-rw------- 1 www-data www-data     0 May 20 14:26 sess_716a24lf4tsnmfucpq50uf1pk7
-rw------- 1 www-data www-data   124 May 20 14:26 sess_fkif8ed8k85olh53q9so1cd6s3
-rw------- 1 www-data www-data     0 May 20 14:25 sess_ov6nrn16gg81i44u9angk3bls6

2. sudo delete all files

$ /var/lib/php/sessions$ sudo rm -rf ./*

3. But the session files still existed!

$ /var/lib/php/sessions$ sudo ls -la    
total 20
drwx-wx-wt 2 root     root     12288 May 20 14:26 .
drwxr-xr-x 4 root     root      4096 Feb 26 21:15 ..
-rw------- 1 www-data www-data     0 May 20 14:26 sess_716a24lf4tsnmfucpq50uf1pk7
-rw------- 1 www-data www-data   124 May 20 14:26 sess_fkif8ed8k85olh53q9so1cd6s3
-rw------- 1 www-data www-data     0 May 20 14:25 sess_ov6nrn16gg81i44u9angk3bls6

Did you made up the output or are the timestamps correct? I would expect the files to get new timestamps when PHP rewrites them. — eckes, May 20 '17 at 10:24
I use stat sess_716a24lf4tsnmfucpq50uf1pk7 before and after rm -rf, the timestamp are same. — Samuel Lui, May 20 '17 at 11:12
You can easily debug this: with `sudo echo ./*` you'll get what gets actually removed with your _read mail -really -fast_ (`rm -rf`). — Esa Jokinen, May 20 '17 at 11:20

Esa Jokinen · Accepted Answer · 2017-05-20T11:59:29.420

The problem here is that path name expansion occurs BEFORE the sudo. The path name expansion for ./* doesn't have permission to see the directory contents. Therefore, it would not get expanded to rm -rf ./sess_716a24lf4tsnmfucpq50uf1pk7 ./sess_fkif8ed8k85olh53q9so1cd6s3 ./sess_ov6nrn16gg81i44u9angk3bls6 as supposed – and as it would, if the whole command was run as root.

You can launch a new terminal inside sudo. Try:

sudo sh -c "rm -rf /var/lib/php/sessions/*"

Notice that I used the full path because it's much more safe than a relative path. Once a colleague typed / instead of ./ inside sudo rm -rf. You can imagine what happened: unnecessary restoring task for me... and one user less in the sudoers list.

score 1 · Answer 2 · answered May 20 '17 at 10:22

1

This is strange, maybe new sessions are created right after you remove them?

What happens if you try to remove a single file?

sudo rm sess_716a24lf4tsnmfucpq50uf1pk7

Does the file get removed?

answered May 20 '17 at 10:22

Johnny Mnemonic

31
2

yes it works when I remove the single file ! And the session recreate when i refresh the web site – Samuel Lui May 20 '17 at 11:00
Hm, can you try "echo ./" to see if there are any odd names files in there (and `rm -- ./*` to delete). I would especially remove the -f option to get error messages. – eckes May 20 '17 at 11:16
Yes PHP will recreate the sessions from Cache, restarting Apache should help with that. – eckes May 20 '17 at 11:17
`sudo service php7.0-fpm restart && sudo service nginx restart` the session still there – Samuel Lui May 20 '17 at 11:23
This is more of a comment than an answer right now. A helpful, troubleshooting comment, but a comment nonetheless, and as such it belongs in the comment area. – music2myear May 24 '17 at 22:17

score 1 · Answer 3 · answered May 20 '17 at 10:25

1

You have not indicated which user you are running as. However, the $ prompt indicates that you are running as a standard user, which is most likely not www-data.

So, the issue is that file system permissions prevent you from deleting the files, as you can see from the ls -l output.

answered May 20 '17 at 10:25

Tero Kilkanen

34,499
3
38
58

Couldn't the `sudo` mentioned in the question help with that? ;) – Esa Jokinen May 20 '17 at 11:04
I can sudo to rm one session file, so the problem should not about permission – Samuel Lui May 20 '17 at 11:13
The permissions doesn't prevent from deleting files (because of `sudo`) but from seeing them (because of "`$`"). See my answer. – Esa Jokinen May 20 '17 at 12:01

score 0 · Answer 4 · answered Dec 16 '20 at 16:06

As @Esa Jokinen said often you can't delete session files even with command like sudo rm -rf /var/lib/php/sessions/* because a path name expansion occurs BEFORE the sudo.

You can try another command like sudo sh -c "rm -rf /var/lib/php/sessions/*" but if you have tons of files you'll get an answer that rm: Argument list too long because the list of session files is usually very huge (up to millions of files).

I propose a really simple way:

Create a new folder sessions_new: mkdir /var/lib/php/sessions_new
Set the same permissions as for old sessions directory: sudo chmod --reference=sessions sessions_new
Do the same with ownership: sudo chown --reference=sessions sessions_new
Kill it! sudo rm -rf /var/lib/php/sessions
You don't need to wait a result for a long time. You can check it immediately in a new terminal window by sudo find /var/lib/php/sessions/. -type f|wc -l. This command counts the number of files inside your sessions folder. Run it two times. If the second time you run the command, you get a lower number than the first time, then the process is going in the right direction.
Wait for a long time :P
When process has finished just rename the session_new directory: sudo mv /var/lib/php/sessions_new /var/lib/php/sessions

rm -rf cannot delete session files

1. list the files in session dir

2. sudo delete all files

3. But the session files still existed!

4 Answers4