Issue: We currently use the SuPHP configuration for many reasons and since the default session folder (/var/lib/php/session) has root:apache 770 permissions, no site can write to this folder. (If I am missing something here, please tell me, hehe, I'd love to know how to fix this.)
Suggestion: It would be nice if, when the server is in SuPHP mode, all new sites were created with a session folder and session configuration (in the site-specific php.ini) that points to something like /home/username/session, and if this folder had normal site user permissions (siteusr:sitegrp 750 or something similar).
Hope this is understandable! :)
I just have a cron script run every 5 min to chmod the sessions folder 333. Hackish, but it works.
I do something similar for the moment but my concerns are more about security and customization…
Moreover, it would be nice that an empty etc/php.ini be created for every new site under SuPHP with a comment mentioning something like:
; Add your php.ini directives here and they will override the default server config only for your site…
I agree completely. I was just offering what I’ve done as a workaround so that I don’t end up with broken sessions every time there’s an upgrade.
No problem ZombieProcess! Your replies are appreciated even if we already have something similar in place. If we did not have anything like this, it would’ve helped so it’s always a good thing to reply even for simple things.
Most of the time we see hosts set session.save_path in their php.ini to /var/tmp or /tmp to put session data. Since session files are created as owner/group of the siteworx user in mode 600, that would reasonably obstruct someone who compromised one account from spying on the session data of another. This is probably preferred over setting crons to repeatedly chmod the folder.
The suPHP integration is something we are looking into improving so this suggestion is something we can factor into our decision process.
Thank you for your response and desire to improve suPHP integration with Interworx. That will be greatly appreciated.
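
The per-site session folder and per-site etc/php.ini suggested in this thread, sketched as an added example (not InterWorx code and not from any poster). The function names and the `<site home>/session` and `<site home>/etc/php.ini` layout are assumptions taken from the suggestion above; on a real server it would run as root with the site's `user:group` passed as the second argument.

```shell
#!/bin/sh
# Added example: per-site PHP session storage for a suPHP host.
# Assumed layout: <site home>/session and <site home>/etc/php.ini.

# provision_site_sessions HOME [USER:GROUP]   (hypothetical helper)
# Creates HOME/session with mode 750 (the mode proposed in the thread) and
# makes sure HOME/etc/php.ini sets session.save_path to it. Safe to re-run.
provision_site_sessions() {
    home=$1; owner=${2:-}
    [ -d "$home" ] || { echo "no such site home: $home" >&2; return 1; }
    sess="$home/session"; ini="$home/etc/php.ini"

    mkdir -p "$sess" "$home/etc" || return 1
    chmod 750 "$sess" || return 1

    if [ ! -e "$ini" ]; then
        # New site: start the file with the explanatory comment.
        cat > "$ini" <<EOF
; Add your php.ini directives here and they will override the default server config only for your site…
session.save_path = "$sess"
EOF
    elif ! grep -q '^[[:space:]]*session\.save_path' "$ini"; then
        # Existing file without a save_path: append, never overwrite.
        printf 'session.save_path = "%s"\n' "$sess" >> "$ini"
    fi

    # Ownership is changed only when an owner is supplied (needs root).
    if [ -n "$owner" ]; then
        chown "$owner" "$sess" "$ini" || return 1
    fi
}

# audit_session_dir DIR   (hypothetical helper)
# Succeeds only if DIR is a real directory (not a symlink) and grants no
# read, write or execute permission to "other" users.
audit_session_dir() {
    dir=$1
    [ -d "$dir" ] && [ ! -L "$dir" ] || return 1
    # find prints the path only when one of the "other" bits is set.
    [ -z "$(find "$dir" -prune \( -perm -001 -o -perm -002 -o -perm -004 \) -print 2>/dev/null)" ]
}
```

Running `audit_session_dir` against every site's configured `session.save_path` after an upgrade catches permissions that were reset, without re-applying a chmod from cron.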