[Bug 316441] Re: PHP session garbage collection
The irony of the situation is that the latest Ubuntu PHP packages, in Maverick and also Lucid I believe (but don't have a running version to hand to verify) actually do contain the original php.net defaults for garbage collection. So in fact BOTH the default PHP garbage collector and the Debian cron job are running. So now not only does this supposed security flaw (according to Ondřej) now exist in the package, but also the half-assed Debian cron job that doesn't even prevent multiple versions of itself running and causes extremely high IO. Replacing one flawed system with another flawed system is not a solution. The reality is that Debian are the real package maintainers and Ubuntu just make a few small modifications and run the auto build scripts, hence we're probably wasting our breath raising the issue here. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in ubuntu. https://bugs.launchpad.net/bugs/316441 Title: PHP session garbage collection -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 316441] Re: PHP session garbage collection
I found another issue with this cron job today. One of our web servers was experiencing very high load; I assumed we had high traffic and went to take a look at where the traffic was coming from. It wasn't website traffic at all. We had so many PHP session files in the folder that the cron had failed to delete all the files within 30 minutes; in fact we had 6 cron jobs running at the same time. This almost brought the server to its knees. Yet another reason to lose this cron job.
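The pile-up of overlapping purge runs reported above can be prevented with a lock, shown here as an added example that is not part of the original message or of the php5 package. The function name, the lock directory and the return code 75 are assumptions of this sketch, and it uses `-mmin` rather than the packaged job's `-cmin` so that the demo can age a file with `touch`.

```shell
#!/bin/sh
# Added example, not the packaged cron job. Function name, lock path and the
# exit code 75 are choices made for this sketch.

# purge_sessions DIR MAX_AGE_MINUTES LOCKDIR
# Returns 0 after a purge, 75 if a previous run still holds the lock.
purge_sessions() {
    dir=$1; max_age=$2; lock=$3
    [ -d "$dir" ] || return 1
    # mkdir is atomic, so only one concurrent caller can take the lock.
    # A run that is killed leaves the lock behind; flock(1) avoids that.
    mkdir "$lock" 2>/dev/null || return 75
    # -mmin lets the demo age files with touch; the packaged job uses -cmin.
    find "$dir" -type f -mmin +"$max_age" -print0 | xargs -0 -r -n 200 rm -f
    rc=$?
    rmdir "$lock"
    return "$rc"
}

# Constructed demo: one stale and one fresh session file in a temp directory.
demo=$(mktemp -d)
mkdir "$demo/sessions"
touch -d '2 hours ago' "$demo/sessions/sess_stale"
touch "$demo/sessions/sess_fresh"
mkdir "$demo/lock"                       # simulate a purge still in progress
purge_sessions "$demo/sessions" 24 "$demo/lock" || echo "skipped, rc=$?"
rmdir "$demo/lock"                       # the earlier run finishes
purge_sessions "$demo/sessions" 24 "$demo/lock" && ls "$demo/sessions"
rm -rf "$demo"
```

A second invocation that finds the lock returns immediately instead of starting another `find` over the same directory, so slow runs no longer stack up.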
[Bug 562531] [NEW] Latest Apache 2.2 is missing mod_reqtimeout.so
Public bug reported:

Binary package hint: apache2

The latest update to Apache 2 today on Lucid beta is missing a shared object file mod_reqtimeout.so and fails to start following upgrade.

    apache2: Syntax error on line 204 of /etc/apache2/apache2.conf: Syntax error on line 1 of /etc/apache2/mods-enabled/reqtimeout.load: Cannot load /usr/lib/apache2/modules/mod_reqtimeout.so into server: /usr/lib/apache2/modules/mod_reqtimeout.so: cannot open shared object file: No such file or directory

** Affects: apache2 (Ubuntu)
   Importance: Undecided
   Status: New

** Tags: apache2

https://bugs.launchpad.net/bugs/562531
[Bug 316441] Re: PHP session garbage collection
If you edit /etc/cron.d/php5 you will have something like this:

    # /etc/cron.d/php5: crontab fragment for php5
    #  This purges session files older than X, where X is defined in seconds
    #  as the largest value of session.gc_maxlifetime from all your php.ini
    #  files, or 24 minutes if not defined.  See /usr/lib/php5/maxlifetime

    # Look for and purge old sessions every 30 minutes
    09,39 * * * * root [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -n 200 -r -0 rm

Just comment the last line to disable the cron job.

Then in /etc/php5/apache2/php.ini search for the [Session] section and modify any of the following to your requirements:

    session.save_handler = files

How PHP stores session data; leave this alone unless you want to change the save handler, e.g. to memcache.

    ;session.save_path = /var/lib/php5

Change the location of where PHP saves session files. Either a local path for 'files' or a URL in the form of tcp://1.2.3.4:11211/ for memcache etc.

    ;session.gc_probability = 0
    session.gc_divisor = 100

You will need to uncomment session.gc_probability and set it to 1 to enable the default garbage collection behaviour of PHP. This means that approx every 100 requests PHP will perform garbage collection; you could decrease session.gc_divisor or increase session.gc_probability to increase this, but default should be fine.

    session.gc_maxlifetime = 1440

This is how long sessions remain active; 1440 seconds is not long, only about 20 mins (24 to be exact), so it is often worth increasing this value, depending on your needs.

There are other variables in the [Session] section but you shouldn't need to change them.
[Bug 316441] Re: PHP session garbage collection
You're probably better off removing the Debian cron job and modifying the php.ini yourself to your preferred settings (even if you revert them back to the original PHP settings).

Unfortunately, it doesn't seem like anyone at Ubuntu is interested in changing this away from the Debian modifications, despite the fact it is non-standard behaviour for PHP.

There is an interesting thread on this somewhere on the PHP internals mailing list; it seems the PHP developers feel the pain of users having problems with distro modified versions of PHP and get quite a few complaints from users because of non-standard mods to the source by the Linux distros (obviously not their fault)! Unfortunately couldn't find it now but it's on there somewhere.
[Bug 370445] [NEW] Postfix is dependency for MySQL Server on server edition
Public bug reported:

Binary package hint: mysql-server

Postfix is a dependency for mysql-server on Ubuntu 9.04 server edition. MySQL doesn't require a mail server; having postfix as a dependency also presents lack of choice to user and is counter productive for a server product to install unwanted packages and services on the system.

Packages marked with *** below:

    # sudo apt-get install mysql-server
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    The following extra packages will be installed:
      ***bsd-mailx*** libdbd-mysql-perl libdbi-perl libhtml-template-perl libmysqlclient15off libmysqlclient16 libnet-daemon-perl libplrpc-perl ***mailx*** mysql-client-5.1 mysql-common mysql-server-5.1 ***postfix*** ssl-cert

Have to run sudo apt-get purge postfix to remove it following MySQL install.

** Affects: mysql-dfsg-5.0 (Ubuntu)
   Importance: Undecided
   Status: New

https://bugs.launchpad.net/bugs/370445
[Bug 305393] Re: Please upgrade php5 to new upstream version 5.2.9
PHP 5.2.8 release was 8th December 2008
Jaunty feature freeze was February 19th 2009

Yet Jaunty ships with 5.2.6, bit of a let down for people running server edition and wanting useful updates...

https://bugs.launchpad.net/bugs/305393
[Bug 316441] Re: PHP session garbage collection
In the [Session] section of php.ini there is the following:

    ; Define the probability that the 'garbage collection' process is started
    ; on every session initialization.
    ; The probability is calculated by using gc_probability/gc_divisor,
    ; e.g. 1/100 means there is a 1% chance that the GC process starts
    ; on each request.

    ; This is disabled in the Debian packages, due to the strict permissions
    ; on /var/lib/php5.  Instead of setting this here, see the cronjob at
    ; /etc/cron.d/php5, which uses the session.gc_maxlifetime setting below

    session.gc_probability = 1
    session.gc_divisor = 100

The default for session.gc_probability in Ubuntu is 0.

What does work:

Using standard PHP stuff, keeping sessions stored in default path of /var/lib/php5

What doesn't work:

Changing session path to another folder either in php.ini or using an ini_set etc (although the cron job can be modified). (For example we use an NFS share for standard PHP sessions so sessions are valid across multiple web servers.)

Using session_set_save_handler to modify default session storage functions of PHP.

Granted for most users the default functionality provided currently with php5 packages will be absolutely fine, but for larger, more complex and distributed PHP applications it breaks the functionality without modification back to PHP defaults.
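The cases listed above, together with the earlier report of PHP's own collector and the cron job both being active, can be checked from the two configuration files. This audit is an added example, not code from the thread or the php5 package; the function names are invented here, and the fallback values (gc_probability 0, save_path /var/lib/php5) are the package defaults as stated in the thread.

```shell
#!/bin/sh
# Added example, not the package's code; function names are invented here.

# ini_get FILE KEY DEFAULT: last uncommented "KEY = value" line of a php.ini.
ini_get() {
    v=$(sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^;]*\).*/\1/p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//')
    printf '%s\n' "${v:-$3}"
}

# cron_purge_active FILE: true if the fragment has an uncommented find job.
cron_purge_active() {
    [ -f "$1" ] && grep -v '^[[:space:]]*#' "$1" | grep -q 'find .*-cmin'
}

# gc_audit INI CRON: report which collector(s) will purge session data.
gc_audit() {
    # Fallbacks are the Ubuntu package values stated in the thread.
    prob=$(ini_get "$1" session.gc_probability 0)
    path=$(ini_get "$1" session.save_path /var/lib/php5)
    handler=$(ini_get "$1" session.save_handler files)
    php=off; cron=off
    [ "$prob" -gt 0 ] 2>/dev/null && php=on
    cron_purge_active "$2" && cron=on
    if [ "$php" = on ] && [ "$cron" = on ]; then
        echo "both: PHP GC and the cron purge run side by side"
    elif [ "$php" = on ]; then
        echo "php-only: GC follows save_handler and save_path"
    elif [ "$cron" = on ] && [ "$handler" = files ] && [ "${path%/}" = /var/lib/php5 ]; then
        echo "cron-only: packaged default"
    else
        echo "uncollected: nothing purges handler=$handler path=$path"
    fi
}

# Constructed sample: NFS save_path with the packaged GC setting left at 0.
demo=$(mktemp -d)
printf '%s\n' '[Session]' 'session.save_handler = files' \
    'session.save_path = /mnt/nfs/sessions' ';session.gc_probability = 0' \
    'session.gc_divisor = 100' > "$demo/php.ini"
printf '%s\n' '# /etc/cron.d/php5' \
    '09,39 * * * * root [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +24 -print0 | xargs -n 200 -r -0 rm' \
    > "$demo/php5.cron"
gc_audit "$demo/php.ini" "$demo/php5.cron"
rm -rf "$demo"
```

The "uncollected" result is the one that matters for session lifetime: expired session data stays on disk until something else removes it. A handler installed at runtime with session_set_save_handler is not visible in php.ini, so this check cannot detect that case.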
[Bug 316441] Re: PHP session garbage collection
Well for starters I am not complaining, I'm making a suggestion. So use of PHP functions and the default PHP distribution settings are 'non-standard'?
[Bug 316441] Re: PHP session garbage collection
This is with latest Intrepid version.