I recently upgraded to PHP 5.3 and since then I get (sporadic) error messages which indicate Apache (or may be the cleaner of the session files) has no permissions to the folder where the sessions are stored.
This happens randomly and can't be reproduced with exact steps, which led me to guess it is the session cleaner.
Any one has any experience with such errors?
The error message (which is fired on the session_start() line) is:
ps_files_cleanup_dir:
opendir(/var/lib/php5) failed:
Permission denied.
ls -ltr on the session directory gives:
drwx-wx-wt 2 root root 4096 2010-05-25 12:39 php5
Inside this directory I do see session files owned by www-data which is my Apache, and the app does work fine.
Which makes me wonder, under which user does the session GC runs?
The fix: In your php.ini set session.gc_probability to 0
The cause
I believe I found the answer here http://somethingemporium.com/2007/06/obscure-error-with-php5-on-debian-ubuntu-session-phpini-garbage
Essentially, the garbage collection is set up to be done by cron jobs on some systems (i.e. Ubuntu/Debian). Some php ini executables like php-cli also try to do garbage collection and that results in the error you got.
This seems to be a typical error on Ubuntu servers (I'm using Lucid LTS). The default permissions of the /var/lib/php5 directory there are
drwx-wx-wt 2 root root 4096 2011-11-04 02:09 php5
so it can be written but not read by the web server, I guess that explains the errors.
As Ubuntu has it's own garbage cleaning via cron (/etc/cron.d/php5), it's probably best to disable php's garbage collection as suggested above by Diwant Vaidya.
session.gc_probability = 0
There's actually a reason the session folder should not be world readable - as the PHP Manual says:
If you leave this set to a world-readable directory, such as /tmp (the
default), other users on the server may be able to hijack sessions by
getting the list of files in that directory.
The solution I currently use (which I am not sure is the correct one) is to give ownership on the session folder to the Apache user (www-data in my case).
This issue has been bugging me for a while. I changed the value as suggested in php.ini and the issue kept occurring. I found the same config value in my index.php and also private/Zend/session.php. So it's worth looking a bit deeper if the issue keeps occurring. I hope this is useful for someone.
Related
I have a SQLite database that I am using for a website. The problem is that when I try to INSERT INTO it, I get a PDOException
SQLSTATE[HY000]: General error: 8 attempt to write a readonly database
I SSH'd into the server and checked permissions, and the database has the permissions
-rw-rw-r--
I'm not that familiar with *nix permissions, but I'm pretty sure this means
Not a directory
Owner has read/write permissions (that's me, according to ls -l)
Group has read/write permissions
Everyone else only has read permissions
I also looked everywhere I knew to using the sqlite3 program, and found nothing relevant.
Because I didn't know with what permissions PDO is trying to open the database, I did
chmod o+w supplies.db
Now, I get another PDOException:
SQLSTATE[HY000]: General error: 14 unable to open database file
But it ONLY occurs when I try to execute an INSERT query after the database is open.
Any ideas on what is going on?
The problem, as it turns out, is that the PDO SQLite driver requires that if you are going to do a write operation (INSERT,UPDATE,DELETE,DROP, etc), then the folder the database resides in must have write permissions, as well as the actual database file.
I found this information in a comment at the very bottom of the PDO SQLite driver manual page.
This can happen when the owner of the SQLite file itself is not the same as the user running the script. Similar errors can occur if the entire directory path (meaning each directory along the way) can't be written to.
Who owns the SQLite file? You?
Who is the script running as? Apache or Nobody?
For me the issue was SELinux enforcement rather than permissions. The "read only database" error went away once I disabled enforcement, following the suggestion made by Steve V. in a comment on the accepted answer.
echo 0 >/selinux/enforce
Upon running this command, everything worked as intended (CentOS 6.3).
The specific issue I had encountered was during setup of Graphite. I had triple-checked that the apache user owned and could write to both my graphite.db and its parent directory. But until I "fixed" SELinux, all I got was a stack trace to the effect of: DatabaseError: attempt to write a readonly database
This can be caused by SELinux. If you don't want to disable SELinux completely, you need to set the db directory fcontext to httpd_sys_rw_content_t.
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/railsapp/db(/.*)?"
restorecon -v /var/www/railsapp/db
I got this error when I tried to write to a database on an Android system.
Apparently sqlite3 not only needs write permissions to the database file and the containing directory (as #austin-hyde already said in his answer) but also the environment variable TMPDIR has to point to a (possibly writable) directory.
On my Android system I set it to TMPDIR="/data/local/tmp" and now my script runs as expected :)
Edit:
If you can't set environment variables you can use one of the other methods listed here: https://www.sqlite.org/tempfiles.html#temporary_file_storage_locations
like PRAGMA temp_store_directory = 'directory-name';
In summary, I've fixed the problem by putting the database file (* .db) in a subfolder.
The subfolder and the database file within it must be a member of the
www-data group.
In the www-data group, you must have the right to write to the
subfolder and the database file.
####### Additional Notes For Similar Problem #####
I gave write permissions to my sqlite database file to other users and groups but it still didn't work.
File is in my web root directory for my .NET Core WebApi.
It looked like this:
-rw-rw-rw- 1 root root 24576 Jan 28 16:03 librestore.db
Even if I ran the service as root, I kept getting the error :
Error: SQLite Error 8: 'attempt to write a readonly database'.
I also did a chown to www-data on the librestore.db and I still received the same error.
Finally I moved up above my webroot directory and gave others write access to that directory (LibreStore - the root of my WebApi) also and then it worked.
I'm not sure why I had to give the directory write access if the specific file already had write access, but this is the only thing that worked.
But once I made that change www-data user could access the .db file and inserts succeeded.
I got the same error from IIS under windows 7. To fix this error i had to add full control permissions to IUSR account for sqlite database file. You don't need to change permissions if you use sqlite under webmatrix instead of IIS.
I used:
echo exec('whoami');
to find out who is running the script (say username), and then gave the user permissions to the entire application directory, like:
sudo chown -R :username /var/www/html/myapp
(For followers looking for an answer to a similar question)
I'm building a C# .Net Core 6.0 WPF app. I put the Sqlite.db3 on the c:\ drive for convenience while developing. To write to the database I must open Visual Studio 2019 as Administrator.
#Charles in a comment pointed out the solution to this (or at least, a botch solution). This is merely me spelling it out more clearly. Put file_put_contents('./nameofyourdb.sqlite', null); (or .db, whichever you fancy) in a .php file in the root directory of your app (or wherever you want the db to be created), then load that page which renders the php code. Now you have an sqlite db created by whichever user runs your php code, meaning your php code can write to it. Just don't forget to use sudo when interacting with this db in the console.
A good clean solution to this is to allow the file of your main user account to be written to by (in my case) the http user but this worked for me and its simple.
None of these solutions worked for me and I suppose I had a very rare case that can still happen. Had a power shortage so even with 777 permissions on folder and db file, without SELinux, I would get this error.
Turns out there was a jellyfin.pid file (not sure if it's named after the service or user as they have the same name) locking it after the power shortage. Deleted it, restarted the service and everything worked.
I got this in my browser when I changed from using http://localhost to http://145.900.50.20 (where 145.900.50.20 is my local IP address) and then changed back to localhost -- it was necessary to stay with the IP address once I had changed to that once
I'm having trouble with session variable in my setup. I'm storing some data in SESSION variables, but it seems like they're not stored properly, or at least I can't access them. On my local computr running MAMP it works ifne but in prod with php5/nginx, my session variables aren't stored. (I get an undefined index error).
I've read it can be related to the session.save_path and access rights, but I'm still confused. Where is this path defined? In my php.ini file there is this
;session.save_path = "/var/lib/php5"
But it starts with a ';' so I'm guessing it's ignored?
Also, what access should I give to the folder (once I've found it)? How can I know which user php is, and which group it belongs to? Seems like really basic stuff but I'm struggling to grasp it u__u
EDIT:
Apparently it's not a problem of permissions, since there are a lot of session folders in the directory, all created by php... So I really can't figure out why my session variables aren't accessible! :-(
It says undefined index...
Thanks in advance!
Aurélie
It is indeed ignored if it starts with ;. The default value is the temp directory, i.e. /tmp, but just to be sure, I suggest that you look in your phpinfo() and check it there because the file you checked might not be the only configuration your PHP uses.
The sessions path needs to be writable by PHP and it also has to be permitted by the open_basedir directive (if you use open_basedir which is highly recommended).
You use nginx so I'll assume you're using PHP-FPM. To find the PHP-FPM's user, you need to either find the user = ... directive in your php-fpm.conf (usually somewhere under /etc), or you can just find the running process using a tool like ps, htop, etc.
I am running Sugarcrm CE under wamp on a windows 7 machine and I keep getting the following error. It just happens randomly and if I reload the page it seems to work. But this error is very annoying and I never used to get it under this development environment. I know if this was linux it would be a permissions issue but permissions look fine in windows to me. I have developer mode switched on and have deleted the cache folder but it still happens. Does anybody know how to prevent this?
Fatal error: sugar_file_put_contents_atomic() : fatal rename failure 'E:\wamp \www\sugargantt-project\cache\modules\Employees\tem177F.tmp' -> 'cache/modules/Employees/Employeevardefs.php' in E:\wamp\www\sugargantt-project\include\utils\sugar_file_utils.php on line 187
I had the 'cache' directory but found it was owned by 'root' so I resolved it by correcting ownership from the sugarcrm directory:
chown -R apache:apache .
Where 'apache' is your web server user.
I had this error and fixed it by editing the realpath_cache_size setting from the default of 16k to 32k in my php.ini.
realpath_cache_size = 32k
EDIT: Although, the above solution helped, this issue returned in my local development environment (I am running on Windows 7). I ended up resolving it by closing my PHP IDE, PhpED by NuSphere, and deleting the localhost debugging cookie in my browser that this IDE sets named "DBGSESSID". I re-ran my local sugarCRM instance again without PhpED and the error disappeared.
I was also facing this issue and resolved it by performing following steps
The root folder of sugar must have a folder named 'cache' in which it creates the cache files.If the folder is missing then create one.
Increase the Memory usage and script execution time in php.ini file, i had set these to Memoray: 256, Script execution time to 1000.
Visit http://localhost/?phpinfo=1 and see if WinCache or APC are enabled. They're both caching mechanisms for PHP on Windows environments, and I've had similar issues with such things in Sugar where temporary files aren't able to be deleted and rebuilt correctly.
If one or the other are enabled, you'll want to modify your active php.ini file or otherwise disable the PHP module from the WAMP menu.
Just create a cache directory in root directory of sugarcrm and check permission on it make it 777 and try hard reload it after this
I'm writing in php using Zend Framework version 1.11.11. Sometimes I receive error
session has already been started by session.auto-start or session_start()
After page refreshing this error disappears. I read several posts about this problem. I checked configs and session.auto_start is set to Off. I don't call session_start() directly, for working with session I use only Zend_Session component.
What can be the cause of this problem? Can it be connected with garbage collector?
This seems to be related to a session cleanup task that Zend tries to perform. By default apache only has write access to the session directory (on an Ubuntu box it would be /var/lib/php5). This causes the cleanup to fail, resulting in intermittent HTTP/500 errors.
Easiest is to give read access to apache by doing either of
1) chmod a+r /var/lib/php5
2) chgrp www-data /var/lib/php5; chmod g+r /var/lib/php5
The above commands assume you're running Ubuntu. In other distros, adjust the username/path.
I'm guessing this is on a debian server? If not, this may not be the solution... but we ran into this on our Ubuntu based installations.
This is happening because of the combination of the installed PHP package and the cron scripts that are running to take care of the session cleanup. (for whatever reason... not sure why they're doing that...)
We were successful by doing the following things:
- removing the cron job to clear out the PHP session stuff (trust me, its there - its annoying)
- chmod www-data:www-data /var/lib/php5 (or equivalent info)
- session.gc_probability = 1 in your php.ini file
May not be the best solution, but it took care of it for me.
when I uploaded the script to the server I got this error
Warning: Unknown: open(/tmp/sess_58f54ee6a828f04116c2ed97664497b2, O_RDWR) failed: Permission denied (13) in Unknown on line 0
Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0
The error appeared when I call session_start(), although I set the permission of /tmp folder to 777.
Change session path where you can write data or contact server administrator about /tmp problem
http://php.net/manual/en/function.session-save-path.php
you will need to change your session.save_path php.ini directive
You can do that using session_save_path
If you have SSH access, here is how to correct the permission and ownership
sudo chown -R NAME_OF_USER /tmp
Replace NAME_OF_USER by the user under which runs php. You can find it by simply putting these lines in a php file:
$processUser = posix_getpwuid(posix_geteuid());
print $processUser['name'];
exit;
Check that you're not running into diskspace issues. If all the permissions are correct (and 777 ought to do it for you), then you might still get this error (for some versions of PHP and Apache) if there isn't enough space to write to the disk.
I had this problem in the following situation:
I filled some session vars with PHP
While the session was still active, I changed from PHP 5.4 to 5.3 on my host.
Reloading the page gave the error, described above.
Reset the PHP version to 5.4 again.
Used session_unset(); and session_destroy(); to clean the current session.
Changed the PHP version back to 5.3.
Now it works again.
Conclusion: For an irrelevant reason I had to change my PHP version, and while switching with sessions alive, the sessions get corrupted.
I realize that this is an old post, however I just ran into this problem, and found an easy solution.
For me, the issue was happening with one of my websites deployed locally. I hadn't tried accessing the websites using other browsers, but it was happening every time I tried to access this site via Chrome. I decided to go into the Chrome developer tools, under the application tab -- and clicking "Clear Storage". Voila -- everything is working like magic again.
Hope this helps someone else!
Additionally, you may want to use ini_set('session.save_path', '/dir/here'); assuming you have access to this function. The other ways suggested are valid.
I've just had exactly the same problem with one of my PHP scripts and I was like what did I break 'cos it worked perfectly the day before and I'm running it from my own local Puppy Linux machine so it's not even a host or anything.
The only thing I'd been doing before that was trying to get Java to work in the web browser, so some how I'd managed to get Java to work but broke PHP - oops!
Anyway I did remember that whilst trying to get Java to work I had deleted the contents of the /tmp folder to wipe anything out that may be causing a problem (it actually turned out with Java I was using the old plugin oij with the new Firefox)
To solve this problem I opened up Rox File Manager, went to the / folder and right clicked on the tmp folder -> Mount Point 'tmp' and clicked properties.
I noticed the permissions were set as Owner - Read, Write, Exec, but Group and World were only set at Read and Exec and not Write. I put a tick in Write for both Group and World and now PHP works fine again.
I don't know at what point the permissions for tmp must have changed but for PHP to use them it must be set to have Write permissions.
Add following line
ini_set('session.save_path', getcwd() . '/tmp');
before
session_start();
if you are using Apache web server, the quick fix is to go to your command line and type:
open /etc/apache2/
then from the window opened, open the file called httpd.conf and search for User or Group change these 2 lines to:
User _www
Group _www
This is because you want your server to have permission to your systems directories, especially you want to change the User or you can leave your Group to either staff or admin.
I had the same problem of permission, but on /var/lib/php/session/.
To fix it, I deleted the file and restarted php-fpm.
rm -rf /var/lib/php/session/sess_p930fh0ejjkeeiaes3l4395q96
sudo service php5.6-fpm restart
Now all works well.
For me the problem seems to be a WHM bug!
I have a bunch of add on domains and all work fine but with a subdomain it brings this error.
Strange thing but if I use the full URL with the main domain it works fine:
main-domain.com/my.subdomain.com
If I use the subdomain directly it brings "Permission denied (13)":
my.subdomain.com
The thing is all addon domains root is:
/home/xx/
But for my subdomain, don't know why, the root is: (I shouldn't have access to that dir)
/
So it´s really trying to reach: /tmp instead of /home/xx/tmp
Which also exists but don't have the right permissions
To clarify this are examples of the whole path:
/home/my-account/public_html
/home/my-account/tmp
/tmp
The workaround I used was:
session_save_path('/home/my-account/tmp');
session_start();
Using PHP 5.6 I had already used session_save_path() to point to a directory within the domain's structure. It worked fine until I upgraded to PHP 7.0, at which time I received the noted error. At PHP.net I found several comments that indicated assigning a direct path didn't always work, so I used their suggestion.
session_save_path(realpath(dirname($_SERVER['DOCUMENT_ROOT']) . '/../session'));
worked perfectly. Remember to change /../session to the relative location of your actual session directory.
If :
session.gc_probability > 0
session files are created by different user(s) (e.g. root and apache).
session files are all stored in the same place (e.g. /var/lib/php/session)
Then you'll see this error when e.g. the Apache PHP process attempts to run garbage collection on the session files.
Fixes :
Reconfigure PHP so gc_probability is 0, and have a cron job removing the old/stale file(s).
Have each different user save their session files in separate place(s) (session_save_path() etc).
I initially had this issue due to nginx owning the /tmp location and php-fpm was running under 'apache' user and group due to the www.conf. I swapped out the user/group in that file and then it worked ok. You may want to check <?php echo exec('whoami'); ?> to verify.
In my case the problem was SELINUX not allowing this.
A helpful command to get suggestions on how to fix this:
sealert -a /var/log/audit/audit.log
If you want to rule out SELINUX, try disabling it for a moment. If that fixes the issue then that is the problem.