tarifa
Posted March 21, 2020 (edited)

hi there - good day dear fellows,

the topic of today: session.save_path (/tmp) is not writable for web server :: security-risk!?

I am trying to install a script on my OpenSuse Webserver, and I managed to resolve most of the errors except for one:

The value for session.save_path (/tmp) is not writable for the web server. Make sure that PHP can actually save session variables.

session.save_path: writeable
You need set permission for your var directory.

That seems to be the problem. Well - I guess that the default ownership may be incorrect on the session folder:

Example: PHP on some Linux servers defaults to the apache user. If using nginx or another server, you need to switch the folder ownership. Also, as a note, you have to change the user/group setting in www.conf.

[CODE]
chown -R root:nginx /var/lib/php/7.0/
sed -i 's/apache/nginx/g' /etc/php-fpm-7.0.d/www.conf
service php-fpm-7.0 restart
[/CODE]

But wait: what about the security - is it safe to make the session.save_path writable!?

My server admin says that this is a big big hole and makes the server insecure.

love to hear from you

update:

some clarification: we're talking about the installation of a survey script called LimeSurvey - cf. www.limesurvey.org

I get the following complaints during the installation process - and if we have a closer look at the script (see below), then the server admin says that this script wants to have insecure things....

what do you say!?

look forward to hearing from you

Edited March 21, 2020 by tarifa

tarifa (Author)
Posted March 21, 2020

hi there - dear fellows -

update: if we have a closer look at the image - the photo in the thread... and if we think of this..

[CODE]
session_save_path ([ string $path ] ) : string
session_save_path() returns the path of the current directory used to save session data.
[/CODE]

[CODE]
No session => no login
No session => no installation
A session.save_path not writable => No session.
[/CODE]

conclusion: I always thought that this code tests if we can write into the PHP variable $_SESSION or - if we cannot do that - and I always thought that this is read only

what do you say - !?

look forward to hearing from you
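
A check for the question raised in this thread, as an added example that is not part of the original posts or of LimeSurvey: the function name `audit_session_dir` is hypothetical, and the script assumes GNU `stat` and PHP's file-based session handler, which stores one `sess_<id>` file per session. It separates the installer's complaint (the web server user cannot write) from the actual exposure (a shared or world-listable directory).

```shell
#!/bin/sh
# Added example: audit a PHP session directory (GNU stat assumed).
# audit_session_dir DIR USER -> prints findings, returns 0 when clean, 1 otherwise.
audit_session_dir() {
    local dir="$1" user="$2" bad=0 owner group bits cls
    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a directory"
        return 1
    fi
    # A shared temp dir holds every local user's files next to the sessions.
    case "${dir%/}" in
        /tmp|/var/tmp|/dev/shm)
            echo "WARN: $dir is a shared temporary directory"; bad=1 ;;
    esac
    owner=$(stat -c %U "$dir")
    group=$(stat -c %G "$dir")
    bits=$((0$(stat -c %a "$dir")))      # read the octal mode as a number
    # Pick the permission class (owner/group/other) that applies to USER.
    if [ "$owner" = "$user" ]; then
        cls=$(( (bits >> 6) & 7 ))
    else
        case " $(id -Gn "$user" 2>/dev/null) " in
            *" $group "*) cls=$(( (bits >> 3) & 7 )) ;;
            *)            cls=$(( bits & 7 )) ;;
        esac
    fi
    # Creating session files needs write (2) and search (1) on the directory.
    if [ $(( cls & 3 )) -ne 3 ]; then
        echo "FAIL: $user cannot create files in $dir"; bad=1
    fi
    # Session file names contain the session ID, so listing must stay private.
    if [ $(( bits & 4 )) -ne 0 ]; then
        echo "WARN: $dir is listable by all local users"; bad=1
    fi
    # World-writable without the sticky bit lets others delete session files.
    if [ $(( bits & 2 )) -ne 0 ] && [ $(( bits & 01000 )) -eq 0 ]; then
        echo "WARN: $dir is world-writable without the sticky bit"; bad=1
    fi
    if [ "$bad" -eq 0 ]; then
        echo "OK: $dir ($owner:$group, usable by $user)"
    fi
    return "$bad"
}
```

For the setup in the first post it would be called as `audit_session_dir /var/lib/php/7.0 nginx`.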