ID: 42596 Updated by: bj...@php.net Reported By: randy at rcs-comp dot com -Status: Closed +Status: Bogus Bug Type: Session related Operating System: Linux PHP Version: 5.2.4 New Comment:
Sorry, but your problem does not imply a bug in PHP itself. For a list of more appropriate places to ask for help using PHP, please visit http://www.php.net/support.php as this bug system is not the appropriate forum for asking support questions. Due to the volume of reports we can not explain in detail here why your report is not a bug. The support channels will be able to provide an explanation for you. Thank you for your interest in PHP. Fix your umask(). Previous Comments: ------------------------------------------------------------------------ [2007-09-11 01:20:22] randy at rcs-comp dot com THANK YOU! ------------------------------------------------------------------------ [2007-09-10 23:43:13] il...@php.net This bug has been fixed in CVS. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better. ------------------------------------------------------------------------ [2007-09-08 03:47:00] randy at rcs-comp dot com Description: ------------ When using the mode parameter in session_save_path (or presumably session.save_path) it will not set the "write" bit correctly for anyone but the owner of the file. Read and execute bits are set correctly. This is important b/c I would like to setguid on the session directory so that a non-priveleged user (the website reseller) can clean it out. That way, all I have to do is add apache to the user's group, and no more problems with clearing out sessions. Reproduce code: --------------- <?php $pm = '0;0600;'.dirname(__FILE__).'/sessions'; session_save_path($pm); session_start(); die('hello world'); ?> // delete the session file just created <?php $pm = '0;0660;'.dirname(__FILE__).'/sessions'; session_save_path($pm); session_start(); die('hello world'); ?> // delete the session file just created <?php $pm = '0;0777;'.dirname(__FILE__).'/sessions'; session_save_path($pm); session_start(); die('hello world'); ?> Expected result: ---------------- [r...@host sessions]# ls -l total 0 -rw------- 1 apache apache 0 Sep 7 23:30 sess_b1fb... [r...@host sessions]# ls -l total 0 -rw-rw---- 1 apache apache 0 Sep 7 23:31 sess_b1fb... [r...@host sessions]# ls -l total 0 -rwxrwxrwx 1 apache apache 0 Sep 7 23:40 sess_b1fb... Actual result: -------------- [r...@host sessions]# ls -l total 0 -rw------- 1 apache apache 0 Sep 7 23:30 sess_b1fb... [r...@host sessions]# ls -l total 0 -rw-r----- 1 apache apache 0 Sep 7 23:31 sess_b1fb... ^^^^^^^^^^ <---------------- Permission does not have write bit [r...@host sessions]# ls -l total 0 -rwxr-xr-x 1 apache apache 0 Sep 7 23:40 sess_b1fb... ^^^^^^^^^^ <---------------- Permission does not have write bits ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=42596&edit=1