Hi, I'm using 3.0.5.4p2, so sorry if this has been solved in p5 (will update tonight). When creating a website, php sessions won't work because the tmp directory doesn't have the write permissions for everybody.
Code:
PHP Warning: session_start(): open(/data/sites/clients/client12/web71/tmp/sess_5o892q2ubbn34td26rdsbh66d4, O_RDWR) failed: Permission denied (13) in ...
The temp directory may not have write permissions for everybody, and writing to website tmp works fine here in p4. Just a guess: you changed the php mode of the site or switched suexec on / off without closing a browser window that has this site open. What happens then is that php tries to reuse a session file that it has written under a different user before. Change the permission of the tmp folder back, then close your browser and open it again so php creates a new session.
I was using Adminer on a fresh site with mod_php (suexec switched off). The tmp directory belongs to web71:client12; the session files are created by the http server (www-data:www-data). How could it create them if it doesn't have write authorisation for the tmp folder?
mod_php should not be used anymore. It allows a hacker (or a client that wants to harm you) to go from one site to all other sites easily, as it runs all sites under the same user. Please switch the site to either php-fpm or php-fcgi and switch suexec on (see the ispconfig manual for details on recommended php versions). If you really want to use mod_php, then you have to replace the normal apache with a version that uses the mpm-itk module.
Thanks, I wasn't aware of that. Sites created with previous ispconfig versions and mod_php had indeed 777 authorisations on the tmp folder.
You might also want to check that the security mode under System > server config > web is set to high.
Switching to PHP-FPM gives the following error:
Code:
(13)Permission denied: FastCGI: failed to connect to server "/data/sites/clients/client12/web71/cgi-bin/php5-fcgi-*-80-<host>": connect() failed
FastCGI: incomplete headers (0 bytes) received from server "/data/sites/clients/client12/web71/cgi-bin/php5-fcgi-*-80-<host>"
And since mod-php is still available, is there really a good reason to restrict write to the tmp directory?
Most likely you don't have a php-fpm daemon installed yet. Try to use fcgi instead, as the fcgi mode has been available for a longer time, so fcgi should be installed even on older installations. Yes, other sites would be able to manipulate php session data to get access to the system installed on that site.
The php-fpm daemon was installed. Following instructions from elsewhere, in /etc/php5/fpm/pool.d/web71.conf I changed:
listen.mode = 0660
to:
listen.mode = 0666
and restarted the php-fpm service. It works, but I don't have a clue about what this does.
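What listen.mode controls, as an added example that is not part of the thread or of ISPConfig: it is the permission mode of the pool's Unix socket, and a process can connect only if it has write permission on that socket. The listen.owner/listen.group values, the www-data group membership and the web72/client13 account are constructed assumptions.

```python
import configparser
import stat

# Constructed pool file. listen.owner/listen.group are assumptions modelled on
# the tmp directory ownership quoted in the thread (web71:client12).
POOL_TEMPLATE = """
[web71]
listen.owner = {owner}
listen.group = {group}
listen.mode = {mode}
"""

def socket_settings(conf_text):
    """Return (owner, group, mode) of the pool's Unix socket."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    pool = cp[cp.sections()[0]]
    return pool["listen.owner"], pool["listen.group"], int(pool["listen.mode"], 8)

def can_connect(user, groups, owner, group, mode):
    """On Linux, connect() to a Unix socket needs write permission on the
    socket file; the kernel checks exactly one class: owner, group or other.
    (root and directory search permissions are not modelled here.)"""
    if user == owner:
        return bool(mode & stat.S_IWUSR)
    if group in groups:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)

def audit(conf_text, web_user="www-data", web_groups=("www-data",)):
    """Who can reach the pool: the web server, and an unrelated site account."""
    owner, group, mode = socket_settings(conf_text)
    return {
        "mode": oct(mode),
        "web_server_can_connect": can_connect(web_user, web_groups, owner, group, mode),
        # Hypothetical other site account on the same host.
        "other_site_can_connect": can_connect("web72", ("client13",), owner, group, mode),
    }

if __name__ == "__main__":
    cases = [("web71", "client12", "0660"),   # setting before the change
             ("web71", "client12", "0666"),   # the change made in the thread
             ("web71", "www-data", "0660")]   # narrower option: group access only
    for owner, group, mode in cases:
        conf = POOL_TEMPLATE.format(owner=owner, group=group, mode=mode)
        print(owner, group, audit(conf))
```

With 0666 every local account can connect to the pool that runs as web71; keeping 0660 and giving the web server's group access to the socket lets Apache connect while other site users stay locked out.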