RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1146552 - yum update may break PHP Session Directory
Summary: yum update may break PHP Session Directory
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: php
Version: 6.5
Hardware: All
OS: Linux
unspecified
low
Target Milestone: rc
: ---
Assignee: Remi Collet
QA Contact: BaseOS QE - Apps
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-09-25 13:44 UTC by Andreas Schnederle-Wagner
Modified: 2021-01-14 09:24 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-10-30 22:59:06 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Andreas Schnederle-Wagner 2014-09-25 13:44:28 UTC 
Description of problem: 
When Apache is not configured with standard "User/Group" a simple "yum update" will always break PHP Session Directory when PHP is upgraded. As the Standard PHP Session directory "/var/lib/php/session" will always be recreated with standard user/group and only access for this User/Group. PHP Upgrade should check if Directory is already created - if it's already there - don't do anything ...

Version-Release number of selected component (if applicable):
*all*

How reproducible:
Change Apache User/Group within httpd.conf - do a yum update which updates PHP - PHP won't be able to access PHP Session Directory until you manually change user/group of the Directory or modify Permissions ...

Steps to Reproduce:
1. Change Apache User and Group to something other than standard
2. Do "yum update" when new PHP Version is released

Actual results:
Apache/PHP can't access it's Session Directory because it's recreated with standard User/Group with restrictive Permissions

Expected results:
If directory is already existing - don't touch it. Or if it's a must to recreate it - get actual User/Group Apache is running and chown it to the actual User/Group - so it won't break Session Handling

Additional info:
Most likely this Bug also exists in RHEL 7 - but not checked.
Comment 2 Remi Collet 2014-09-25 14:23:09 UTC 
If you don't use standard User/group, you should not use standard directories.

This bug mostly don't exists in RHEL - 7 as session path is now defined per SAPI and documented about ownership

In /etc/php.ini
; RPM note : session directory must be owned by process owner
; for mod_php, see /etc/httpd/conf.d/php.conf
; for php-fpm, see /etc/php-fpm.d/*conf
;session.save_path = "/tmp"

In /etc/httpd/conf.d/php.conf
php_value session.save_handler "files"
php_value session.save_path    "/var/lib/php/session"

In /etc/php-fpm.d/www.conf
; Set session path to a directory owned by process user
php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/session

Same configuration can be used in RHEL-6

So If you need to change User/Group, simple solution is to also change directory.

In httpd.conf: User foo
In php.conf    php_value session.save_path "/var/lib/php/foo-session"

And you can create as much as directories as needed if you run various httpd instance, using a different account for each.

As these directories are not managed by RPM, it won't be changed during update.
Comment 3 Andreas Schnederle-Wagner 2014-09-25 14:33:54 UTC 
You are right with the own Session Directories - on our own Servers we already do it like this. But as we are a Hosting Company with lot's of Customer Servers (where we only do Emergency Updates) we can't (should not) modify their Configurations ...

And I don't see any reason why the RPM Package should modify an already existing Directory ... chances that something breaks are just too big ... (Google Search for this rises lot's of Threads about this Problem)

Propably it would be the best to don't touch the Directory if it's already existing ...
Comment 4 Joe Orton 2014-10-30 22:59:06 UTC 
The behaviour described here is not a bug, as Remi says, the packages are working as designed.  This issue only affects configurations which have been modified from the default.

There is really nothing we can do in an RHEL6 update here to change this, sorry.
Comment 5 Andreas Schnederle-Wagner 2014-10-31 09:00:44 UTC 
Well - the Question than should be: Why are they designed that way?
It's not doing any good recreating an already existing Directory - but it may/will break any custom configurations where Apache isn't running the standard-user/group ...
Or can anyone explain me what advantages one get by recreating the already existing Directory? (I would be really interested in what thought behind this behavior lies)

Maybe you can help me understand this behaviour.

Thank you
Note You need to log in before you can comment on or make changes to this bug.