Apache PHP-CGI SuExec Session Issues

After enabling php-cgi and suexec to handle your site in Apache, you may discover issues with your web applications working incorrectly. This could simply be a session issue which is result of the suexec user being unable to write into /var/lib/php/session directory.

[box type="info"] Just note that this document assumes CentOS 6 for all example code and references. Syntax, file locations and codes may vary based on your distribution.[/box]

You can verify this problem simply by looking websites error log.

First, lets identify the SuExec user configured for your site. Simply open your Apache configuration file and identify value set for “SuexecUserGroup”.

As you can see the value “user1″ has been set as the SuExec user. Now we need allow user1 access to the /var/lib/php/session directory. The simplest way to do this is to add user1 into the apache group. This is done by editing your /etc/group file and appending the line for the Apache group with your user.

Look for the apache group and append your user, save and close the file (:wq)

….and you’re done, you don’t even have to restart Apache.

[author] [author_image timthumb='on']http://mcdee.com.au/wp-content/uploads/2012/11/photo.jpg[/author_image] [author_info]Andrew McDonald is an IT Systems Admin and all round technology junkie. Absolutely a jack-of-all-trades and not one to shy away from a challenge.


 [/author_info] [/author]

  2 comments

  1. Paul   •  

    Hi

    Won’t doing it this way mean that websites on the same server have access to each other’s session?

    • Andrew   •     Author

      Hey Paul, well consider this, by default all php session related data for all virtual hosts are written into the same folder by the apache user. I would of guessed that by using suexec (using an alternate user to apahce) and that user having write access into the folder won’t break or make php sessions any less secure than what they are by default ie. all created and accessed by the apache user.

      Honestly I’m not at all sure if it’s an easy process to have a per virtual host php-session directory or if it’s something Apache guru’s implement?

Leave a Reply

Your email address will not be published. Required fields are marked *


4 − one =

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">