Re: Session Handling for multiple languages, permission denied [message #170928 is a reply to message #170918] |
Thu, 09 December 2010 01:33 |
jwcarlton
Messages: 76 Registered: December 2010
Karma:
|
Member |
|
|
On Dec 8, 6:02 am, Erwin Moller
<Since_humans_read_this_I_am_spammed_too_m...@spamyourself.com> wrote:
> On 12/8/2010 11:42 AM, jwcarlton wrote:
>
>
>
>> On Dec 8, 3:01 am, Erwin Moller
>> <Since_humans_read_this_I_am_spammed_too_m...@spamyourself.com> wrote:
>>> On 12/8/2010 8:26 AM, jwcarlton wrote:
>
>>>> I can set and read $_SESSION in PHP, no problem. But the file is being
>>>> stored on the server at /tmp/, and it's permission is set at 0600
>>>> (read and write by owner only).
>
>>>> If I want to access the session in other languages (like Perl),
>>>> permission is denied. How do I set PHP to save them with a different
>>>> read/write permission?
>
>>> Hi,
>
>>> As you mentioned, it is all about filepermissions.
>>> So you must first figure out the users that are acting in name of the
>>> programs. Or differently formulated, figure out as *which* user PHP
>>> runs, and also for Perl.
>
>>> It is possible they both run under Apache as www-data (Or 'apache', or
>>> 'nobody': whatever you/your distro choosed when you installed apache.)
>
>>> If they are both the same user, you can read the sessionfiles.
>>> If not, you have a few options:
>>> 1) Make them the same user.
>>> 2) Change the sessionstorage directory for PHP, and make sure you give
>>> it such permissions both users can access it.
>
>>> I would advise against changing the permissions for /tmp.
>
>>> Hope this helps.
>
>>> Regards,
>>> Erwin Moller
>
> [fixed sig quotation]
>
>>> Thanks, Erwin. Can you suggest how I would tell which user PHP and
>> Perl run as? I suspect that you're correct, and that they are
>> different.
>
> Yes many.
> Maybe the easiest way is:
> 1) Make a wide open directory somewhere (chmod 777)
> 2) Let both PHP and Perl create a file in there.
> eg: Let perl create a file named iamperl and php create a file named iamphp.
>
> Then ls -al in the dir and see who owns what.
>
> Warning: If you are unfamiliar with userrights on *nix, I don't think it
> is wise if you start changing the session directory (and/or ownership)
> if you are on a production environment.
>
> When you do something stupid, your server might become compromised.
>
> (For example: if you place the sessiondirectory somewhere accessible
> from the web)
>
> Be sure you know what you are doing. If not, call in some help.
>
>
>
>> If I change the session storage directory, is there a risk of it
>> running slower?
>
> If on the same system?
> No, not one I can think of.
>
> Regards,
> Erwin Moller
>
> --
> "There are two ways of constructing a software design: One way is to
> make it so simple that there are obviously no deficiencies, and the
> other way is to make it so complicated that there are no obvious
> deficiencies. The first method is far more difficult."
> -- C.A.R. Hoare
I gotcha, Erwin; I just thought there might be a faster way via SSH.
I have text files created by both PHP and Perl, and both chmod them by
default to 0644. But for some reason, Perl sets the session files to
0640, while PHP sets them to 0600. The default permission for /tmp/ is
0777.
I do prefer keeping them in /tmp/; like Jerry said, the garbage
collector isn't something I'm quite ready to ignore yet.
Is there not a way to set PHP to set these sessions as 0640?
|
|
|