FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Session Handling for multiple languages, permission denied
Show: Today's Messages :: Polls :: Message Navigator
Switch to threaded view of this topic Create a new topic Submit Reply
Session Handling for multiple languages, permission denied [message #170915] Wed, 08 December 2010 07:26 Go to next message
jwcarlton is currently offline  jwcarlton
Messages: 76
Registered: December 2010
Karma: 0
Member
I can set and read $_SESSION in PHP, no problem. But the file is being
stored on the server at /tmp/, and it's permission is set at 0600
(read and write by owner only).

If I want to access the session in other languages (like Perl),
permission is denied. How do I set PHP to save them with a different
read/write permission?
Re: Session Handling for multiple languages, permission denied [message #170916 is a reply to message #170915] Wed, 08 December 2010 08:01 Go to previous messageGo to next message
Erwin Moller is currently offline  Erwin Moller
Messages: 228
Registered: September 2010
Karma: 0
Senior Member
On 12/8/2010 8:26 AM, jwcarlton wrote:
> I can set and read $_SESSION in PHP, no problem. But the file is being
> stored on the server at /tmp/, and it's permission is set at 0600
> (read and write by owner only).
>
> If I want to access the session in other languages (like Perl),
> permission is denied. How do I set PHP to save them with a different
> read/write permission?

Hi,

As you mentioned, it is all about filepermissions.
So you must first figure out the users that are acting in name of the
programs. Or differently formulated, figure out as *which* user PHP
runs, and also for Perl.

It is possible they both run under Apache as www-data (Or 'apache', or
'nobody': whatever you/your distro choosed when you installed apache.)

If they are both the same user, you can read the sessionfiles.
If not, you have a few options:
1) Make them the same user.
2) Change the sessionstorage directory for PHP, and make sure you give
it such permissions both users can access it.

I would advise against changing the permissions for /tmp.

Hope this helps.

Regards,
Erwin Moller

--
"There are two ways of constructing a software design: One way is to
make it so simple that there are obviously no deficiencies, and the
other way is to make it so complicated that there are no obvious
deficiencies. The first method is far more difficult."
-- C.A.R. Hoare
Re: Session Handling for multiple languages, permission denied [message #170917 is a reply to message #170916] Wed, 08 December 2010 10:42 Go to previous messageGo to next message
jwcarlton is currently offline  jwcarlton
Messages: 76
Registered: December 2010
Karma: 0
Member
On Dec 8, 3:01 am, Erwin Moller
<Since_humans_read_this_I_am_spammed_too_m...@spamyourself.com> wrote:
> On 12/8/2010 8:26 AM, jwcarlton wrote:
>
>> I can set and read $_SESSION in PHP, no problem. But the file is being
>> stored on the server at /tmp/, and it's permission is set at 0600
>> (read and write by owner only).
>
>> If I want to access the session in other languages (like Perl),
>> permission is denied. How do I set PHP to save them with a different
>> read/write permission?
>
> Hi,
>
> As you mentioned, it is all about filepermissions.
> So you must first figure out the users that are acting in name of the
> programs. Or differently formulated, figure out as *which* user PHP
> runs, and also for Perl.
>
> It is possible they both run under Apache as www-data (Or 'apache', or
> 'nobody':  whatever you/your distro choosed when you installed apache.)
>
> If they are both the same user, you can read the sessionfiles.
> If not, you have a few options:
> 1) Make them the same user.
> 2) Change the sessionstorage directory for PHP, and make sure you give
> it such permissions both users can access it.
>
> I would advise against changing the permissions for /tmp.
>
> Hope this helps.
>
> Regards,
> Erwin Moller
>
> --
> "There are two ways of constructing a software design: One way is to
> make it so simple that there are obviously no deficiencies, and the
> other way is to make it so complicated that there are no obvious
> deficiencies. The first method is far more difficult."
> -- C.A.R. Hoare

Thanks, Erwin. Can you suggest how I would tell which user PHP and
Perl run as? I suspect that you're correct, and that they are
different.

If I change the session storage directory, is there a risk of it
running slower?
Re: Session Handling for multiple languages, permission denied [message #170918 is a reply to message #170917] Wed, 08 December 2010 11:02 Go to previous messageGo to next message
Erwin Moller is currently offline  Erwin Moller
Messages: 228
Registered: September 2010
Karma: 0
Senior Member
On 12/8/2010 11:42 AM, jwcarlton wrote:
> On Dec 8, 3:01 am, Erwin Moller
> <Since_humans_read_this_I_am_spammed_too_m...@spamyourself.com> wrote:
>> On 12/8/2010 8:26 AM, jwcarlton wrote:
>>
>>> I can set and read $_SESSION in PHP, no problem. But the file is being
>>> stored on the server at /tmp/, and it's permission is set at 0600
>>> (read and write by owner only).
>>
>>> If I want to access the session in other languages (like Perl),
>>> permission is denied. How do I set PHP to save them with a different
>>> read/write permission?
>>
>> Hi,
>>
>> As you mentioned, it is all about filepermissions.
>> So you must first figure out the users that are acting in name of the
>> programs. Or differently formulated, figure out as *which* user PHP
>> runs, and also for Perl.
>>
>> It is possible they both run under Apache as www-data (Or 'apache', or
>> 'nobody': whatever you/your distro choosed when you installed apache.)
>>
>> If they are both the same user, you can read the sessionfiles.
>> If not, you have a few options:
>> 1) Make them the same user.
>> 2) Change the sessionstorage directory for PHP, and make sure you give
>> it such permissions both users can access it.
>>
>> I would advise against changing the permissions for /tmp.
>>
>> Hope this helps.
>>
>> Regards,
>> Erwin Moller

[fixed sig quotation]

>> Thanks, Erwin. Can you suggest how I would tell which user PHP and
> Perl run as? I suspect that you're correct, and that they are
> different.

Yes many.
Maybe the easiest way is:
1) Make a wide open directory somewhere (chmod 777)
2) Let both PHP and Perl create a file in there.
eg: Let perl create a file named iamperl and php create a file named iamphp.

Then ls -al in the dir and see who owns what.

Warning: If you are unfamiliar with userrights on *nix, I don't think it
is wise if you start changing the session directory (and/or ownership)
if you are on a production environment.

When you do something stupid, your server might become compromised.

(For example: if you place the sessiondirectory somewhere accessible
from the web)

Be sure you know what you are doing. If not, call in some help.


>
> If I change the session storage directory, is there a risk of it
> running slower?

If on the same system?
No, not one I can think of.

Regards,
Erwin Moller


--
"There are two ways of constructing a software design: One way is to
make it so simple that there are obviously no deficiencies, and the
other way is to make it so complicated that there are no obvious
deficiencies. The first method is far more difficult."
-- C.A.R. Hoare
Re: Session Handling for multiple languages, permission denied [message #170923 is a reply to message #170917] Wed, 08 December 2010 20:21 Go to previous messageGo to next message
The Natural Philosoph is currently offline  The Natural Philosoph
Messages: 993
Registered: September 2010
Karma: 0
Senior Member
jwcarlton wrote:
> On Dec 8, 3:01 am, Erwin Moller
> <Since_humans_read_this_I_am_spammed_too_m...@spamyourself.com> wrote:
>> On 12/8/2010 8:26 AM, jwcarlton wrote:
>>
>>> I can set and read $_SESSION in PHP, no problem. But the file is being
>>> stored on the server at /tmp/, and it's permission is set at 0600
>>> (read and write by owner only).
>>> If I want to access the session in other languages (like Perl),
>>> permission is denied. How do I set PHP to save them with a different
>>> read/write permission?
>> Hi,
>>
>> As you mentioned, it is all about filepermissions.
>> So you must first figure out the users that are acting in name of the
>> programs. Or differently formulated, figure out as *which* user PHP
>> runs, and also for Perl.
>>
>> It is possible they both run under Apache as www-data (Or 'apache', or
>> 'nobody': whatever you/your distro choosed when you installed apache.)
>>
>> If they are both the same user, you can read the sessionfiles.
>> If not, you have a few options:
>> 1) Make them the same user.
>> 2) Change the sessionstorage directory for PHP, and make sure you give
>> it such permissions both users can access it.
>>
>> I would advise against changing the permissions for /tmp.
>>
>> Hope this helps.
>>
>> Regards,
>> Erwin Moller
>>
>> --
>> "There are two ways of constructing a software design: One way is to
>> make it so simple that there are obviously no deficiencies, and the
>> other way is to make it so complicated that there are no obvious
>> deficiencies. The first method is far more difficult."
>> -- C.A.R. Hoare
>
> Thanks, Erwin. Can you suggest how I would tell which user PHP and
> Perl run as? I suspect that you're correct, and that they are
> different.
>

PHP wll run typically with the perissions of whoever types 'php' on the
command line, or if its run from apache, with whatever permissions
apache runs.


If PERL is also run from apache it will be with the same permissins
normally.


> If I change the session storage directory, is there a risk of it
> running slower?

No.
Re: Session Handling for multiple languages, permission denied [message #170924 is a reply to message #170917] Wed, 08 December 2010 20:40 Go to previous messageGo to next message
Jerry Stuckle is currently offline  Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma: 0
Senior Member
On 12/8/2010 5:42 AM, jwcarlton wrote:
> On Dec 8, 3:01 am, Erwin Moller
> <Since_humans_read_this_I_am_spammed_too_m...@spamyourself.com> wrote:
>> On 12/8/2010 8:26 AM, jwcarlton wrote:
>>
>>> I can set and read $_SESSION in PHP, no problem. But the file is being
>>> stored on the server at /tmp/, and it's permission is set at 0600
>>> (read and write by owner only).
>>
>>> If I want to access the session in other languages (like Perl),
>>> permission is denied. How do I set PHP to save them with a different
>>> read/write permission?
>>
>> Hi,
>>
>> As you mentioned, it is all about filepermissions.
>> So you must first figure out the users that are acting in name of the
>> programs. Or differently formulated, figure out as *which* user PHP
>> runs, and also for Perl.
>>
>> It is possible they both run under Apache as www-data (Or 'apache', or
>> 'nobody': whatever you/your distro choosed when you installed apache.)
>>
>> If they are both the same user, you can read the sessionfiles.
>> If not, you have a few options:
>> 1) Make them the same user.
>> 2) Change the sessionstorage directory for PHP, and make sure you give
>> it such permissions both users can access it.
>>
>> I would advise against changing the permissions for /tmp.
>>
>> Hope this helps.
>>
>> Regards,
>> Erwin Moller
>>
>> --
>> "There are two ways of constructing a software design: One way is to
>> make it so simple that there are obviously no deficiencies, and the
>> other way is to make it so complicated that there are no obvious
>> deficiencies. The first method is far more difficult."
>> -- C.A.R. Hoare
>
> Thanks, Erwin. Can you suggest how I would tell which user PHP and
> Perl run as? I suspect that you're correct, and that they are
> different.
>
> If I change the session storage directory, is there a risk of it
> running slower?

It won't run slower, as long as you're not on a slower disk. However,
the advantage of /tmp is it is cleaned up by the system in case of a
crash/reboot. Other directories may not be.

Of course, it's not a problem if the system never reboots. But most
(even linux) need to reboot occasionally, i.e. after applying
maintenance or to add/replace hardware.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
Re: Session Handling for multiple languages, permission denied [message #170928 is a reply to message #170918] Thu, 09 December 2010 01:33 Go to previous messageGo to next message
jwcarlton is currently offline  jwcarlton
Messages: 76
Registered: December 2010
Karma: 0
Member
On Dec 8, 6:02 am, Erwin Moller
<Since_humans_read_this_I_am_spammed_too_m...@spamyourself.com> wrote:
> On 12/8/2010 11:42 AM, jwcarlton wrote:
>
>
>
>> On Dec 8, 3:01 am, Erwin Moller
>> <Since_humans_read_this_I_am_spammed_too_m...@spamyourself.com>  wrote:
>>> On 12/8/2010 8:26 AM, jwcarlton wrote:
>
>>>> I can set and read $_SESSION in PHP, no problem. But the file is being
>>>> stored on the server at /tmp/, and it's permission is set at 0600
>>>> (read and write by owner only).
>
>>>> If I want to access the session in other languages (like Perl),
>>>> permission is denied. How do I set PHP to save them with a different
>>>> read/write permission?
>
>>> Hi,
>
>>> As you mentioned, it is all about filepermissions.
>>> So you must first figure out the users that are acting in name of the
>>> programs. Or differently formulated, figure out as *which* user PHP
>>> runs, and also for Perl.
>
>>> It is possible they both run under Apache as www-data (Or 'apache', or
>>> 'nobody':  whatever you/your distro choosed when you installed apache.)
>
>>> If they are both the same user, you can read the sessionfiles.
>>> If not, you have a few options:
>>> 1) Make them the same user.
>>> 2) Change the sessionstorage directory for PHP, and make sure you give
>>> it such permissions both users can access it.
>
>>> I would advise against changing the permissions for /tmp.
>
>>> Hope this helps.
>
>>> Regards,
>>> Erwin Moller
>
> [fixed sig quotation]
>
>>> Thanks, Erwin. Can you suggest how I would tell which user PHP and
>> Perl run as? I suspect that you're correct, and that they are
>> different.
>
> Yes many.
> Maybe the easiest way is:
> 1) Make a wide open directory somewhere (chmod 777)
> 2) Let both PHP and Perl create a file in there.
> eg: Let perl create a file named iamperl and php create a file named iamphp.
>
> Then ls -al in the dir and see who owns what.
>
> Warning: If you are unfamiliar with userrights on *nix, I don't think it
> is wise if you start changing the session directory (and/or ownership)
> if you are on a production environment.
>
> When you do something stupid, your server might become compromised.
>
> (For example: if you place the sessiondirectory somewhere accessible
> from the web)
>
> Be sure you know what you are doing. If not, call in some help.
>
>
>
>> If I change the session storage directory, is there a risk of it
>> running slower?
>
> If on the same system?
> No, not one I can think of.
>
> Regards,
> Erwin Moller
>
> --
> "There are two ways of constructing a software design: One way is to
> make it so simple that there are obviously no deficiencies, and the
> other way is to make it so complicated that there are no obvious
> deficiencies. The first method is far more difficult."
> -- C.A.R. Hoare

I gotcha, Erwin; I just thought there might be a faster way via SSH.

I have text files created by both PHP and Perl, and both chmod them by
default to 0644. But for some reason, Perl sets the session files to
0640, while PHP sets them to 0600. The default permission for /tmp/ is
0777.

I do prefer keeping them in /tmp/; like Jerry said, the garbage
collector isn't something I'm quite ready to ignore yet.

Is there not a way to set PHP to set these sessions as 0640?
Re: Session Handling for multiple languages, permission denied [message #170933 is a reply to message #170915] Thu, 09 December 2010 08:17 Go to previous message
alvaro.NOSPAMTHANX is currently offline  alvaro.NOSPAMTHANX
Messages: 277
Registered: September 2010
Karma: 0
Senior Member
El 08/12/2010 8:26, jwcarlton escribió/wrote:
> I can set and read $_SESSION in PHP, no problem. But the file is being
> stored on the server at /tmp/, and it's permission is set at 0600
> (read and write by owner only).
>
> If I want to access the session in other languages (like Perl),
> permission is denied. How do I set PHP to save them with a different
> read/write permission?

Just to provide a new idea, you may consider to change the default
session handler and use a database. The drawback is that you have to
write some extra code but it looks like a more solid approach since you
have full control of everything and databases are normally designed with
concurrent access in mind:

http://es2.php.net/manual/en/session.configuration.php#ini.session.save-han dler
http://es2.php.net/manual/en/function.session-set-save-handler.php


--
-- http://alvaro.es - Álvaro G. Vicario - Burgos, Spain
-- Mi sitio sobre programación web: http://borrame.com
-- Mi web de humor satinado: http://www.demogracia.com
--
  Switch to threaded view of this topic Create a new topic Submit Reply
Previous Topic: What could be causing this "Invalid callback" warning?
Next Topic: Best PHP Groupware Tools Script Sharing
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sun Nov 10 10:57:29 GMT 2024

Total time taken to generate the page: 0.02444 seconds