ID: 42596 Updated by: [EMAIL PROTECTED] Reported By: randy at rcs-comp dot com -Status: Open +Status: Closed Bug Type: Session related Operating System: Linux PHP Version: 5.2.4 New Comment:
This bug has been fixed in CVS. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better. Previous Comments: ------------------------------------------------------------------------ [2007-09-08 03:47:00] randy at rcs-comp dot com Description: ------------ When using the mode parameter in session_save_path (or presumably session.save_path) it will not set the "write" bit correctly for anyone but the owner of the file. Read and execute bits are set correctly. This is important b/c I would like to setguid on the session directory so that a non-priveleged user (the website reseller) can clean it out. That way, all I have to do is add apache to the user's group, and no more problems with clearing out sessions. Reproduce code: --------------- <?php $pm = '0;0600;'.dirname(__FILE__).'/sessions'; session_save_path($pm); session_start(); die('hello world'); ?> // delete the session file just created <?php $pm = '0;0660;'.dirname(__FILE__).'/sessions'; session_save_path($pm); session_start(); die('hello world'); ?> // delete the session file just created <?php $pm = '0;0777;'.dirname(__FILE__).'/sessions'; session_save_path($pm); session_start(); die('hello world'); ?> Expected result: ---------------- [EMAIL PROTECTED] sessions]# ls -l total 0 -rw------- 1 apache apache 0 Sep 7 23:30 sess_b1fb... [EMAIL PROTECTED] sessions]# ls -l total 0 -rw-rw---- 1 apache apache 0 Sep 7 23:31 sess_b1fb... [EMAIL PROTECTED] sessions]# ls -l total 0 -rwxrwxrwx 1 apache apache 0 Sep 7 23:40 sess_b1fb... Actual result: -------------- [EMAIL PROTECTED] sessions]# ls -l total 0 -rw------- 1 apache apache 0 Sep 7 23:30 sess_b1fb... [EMAIL PROTECTED] sessions]# ls -l total 0 -rw-r----- 1 apache apache 0 Sep 7 23:31 sess_b1fb... ^^^^^^^^^^ <---------------- Permission does not have write bit [EMAIL PROTECTED] sessions]# ls -l total 0 -rwxr-xr-x 1 apache apache 0 Sep 7 23:40 sess_b1fb... ^^^^^^^^^^ <---------------- Permission does not have write bits ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=42596&edit=1
