Bug 680056 - php's session dir is owned by apache and cherokee can't write on it
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: cherokee
Version: 14
Hardware: All
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: Pavel Lisý
QA Contact: Fedora Extras Quality Assurance
Reported: 2011-02-24 09:02 UTC by Renich Bon Ciric
Modified: 2012-08-16 15:01 UTC (History)

Doc Type: Bug Fix
Last Closed: 2012-08-16 15:01:35 UTC

Description Renich Bon Ciric 2011-02-24 09:02:27 UTC
Description of problem:
The /var/lib/php/session dir has the following permissions (default install):

drwxrwx---. 2 root apache 4096 Feb  1 00:40 session

This directory is used by cherokee, which recently runs under the cherokee user and group.

I dunno about nginx and others.

Possible solution:
I'd recommend using a www/webserver/php group or something like it and adding cherokee, nginx, apache and all the current web servers that could use it to that group.

Does this call for collaboration between packagers?

Anyway, it's an immediate problem and has no other solution but to change this to root.cherokee or root.nginx or whatever... If you use both, you need to do the group thing.

And, what about SELinux??

Comment 1 Joe Orton 2011-02-24 14:39:32 UTC
Does Cherokee invoke PHP via the CGI interface?

There are certainly other solutions: e.g. having Cherokee create an appropriately-owned session directory and change the session.save_path config option when invoking php-cgi or whatever.  

Using custom POSIX ACLs on the existing dir would also work, but they get blown away on upgrades I believe, they can't be packaged and you are correct to bring up SELinux.
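
Added example (not part of the bug thread or of any Fedora package): the permission check behind the reported failure, applied to the listing from the description, followed by the per-daemon session directory and `session.save_path` override suggested in comment 1. The function names and the temporary demo path are assumptions; GNU coreutils (`install`, `stat`) is assumed.

```sh
#!/bin/sh
# Added example, not from the bug report. POSIX DAC only: root's override,
# ACLs and SELinux are not modelled.

# can_create_in MODE OWNER GROUP USER [USER_GROUPS...]
# Returns 0 if USER may create files in a directory with that octal MODE,
# OWNER and GROUP (needs w and x). Owner class wins over group, group over other.
can_create_in() {
    mode=$1 owner=$2 group=$3 user=$4
    shift 4
    bits=$(( 0$mode & 7 ))
    for g in "$@"; do
        if [ "$g" = "$group" ]; then bits=$(( (0$mode >> 3) & 7 )); fi
    done
    if [ "$user" = "$owner" ]; then bits=$(( (0$mode >> 6) & 7 )); fi
    [ $(( bits & 3 )) -eq 3 ]
}

# make_session_dir PATH OWNER GROUP
# Creates a per-daemon session directory with mode 0770 (nothing for "other")
# and prints the resulting mode. Ownership is changed only when run as root.
make_session_dir() {
    install -d -m 0770 "$1" || return 1
    if [ "$(id -u)" -eq 0 ]; then
        chown "$2:$3" "$1" || return 1
    fi
    stat -c '%a' "$1"
}

# Listing from the report: drwxrwx--- root apache (each user in its own group).
for u in apache cherokee; do
    if can_create_in 770 root apache "$u" "$u"; then r=allowed; else r=denied; fi
    echo "/var/lib/php/session, user $u: $r"
done

# Constructed demo location standing in for a directory such as the
# /var/lib/php/cherokee proposed in the thread; the php-cgi line is only printed.
tmp=$(mktemp -d)
make_session_dir "$tmp/cherokee" "$(id -u)" "$(id -g)" >/dev/null
echo "php-cgi -d session.save_path=$tmp/cherokee"
rm -rf "$tmp"
```

Mode 0770 keeps the directory closed to every account outside the owning daemon's group, so session files of one web server are not readable by another.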

Comment 2 Renich Bon Ciric 2011-06-11 04:14:20 UTC
ping

This should be taken care of. There is no way of installing php without apache since it depends on it and cherokee must live side-by-side with apache; even if the former isn't used.

Please, do what must be done. It does use the FCGI interface. Maybe it can be configured to use its own php sessions dir.

It should be located on /var/lib/php/cherokee and, possibly, apache should use /var/lib/php/httpd right?

I'd like to remind you that Red Hat/Fedora names the apache service as httpd for the sake of neutrality. This should be taken into account.

Please, don't misunderstand. It is not my intention to tell you what to do or anything, just my humble opinion.

Comment 3 Joe Orton 2012-04-30 10:12:50 UTC
If somebody wants to propose and push through a "universal" solution, I'm happy to go along.  In the absence of such, daemon packages which invoke PHP under a non-apache uid should ensure session state is managed appropriately.

It looks like cherokee depends on MySQL so it might make more sense to use  MySQL-based session storage rather than files, for example.

Comment 4 Renich Bon Ciric 2012-05-03 06:06:02 UTC
(In reply to comment #3)
> If somebody wants to propose and push through a "universal" solution, I'm happy
> to go along.  In the absence of such, daemon packages which invoke PHP under a
> non-apache uid should ensure session state is managed appropriately.
> 
> It looks like cherokee depends on MySQL so it might make more sense to use 
> MySQL-based session storage rather than files, for example.

IMHO, this is greatly solved with php-fpm. When present, cherokee uses it by default.

php-fpm has been configured to act as apache user and apache group. This solves all the problems and enables SELinux on it.

One has to enable a certain SELinux boolean in order to allow cherokee to connect to the 9000 TCP port.

Either way, it works.

Comment 5 Fedora End Of Life 2012-08-16 15:01:40 UTC
This message is a notice that Fedora 14 is now at end of life. Fedora 
has stopped maintaining and issuing updates for Fedora 14. It is 
Fedora's policy to close all bug reports from releases that are no 
longer maintained.  At this time, all open bugs with a Fedora 'version'
of '14' have been closed as WONTFIX.

(Please note: Our normal process is to give advance warning of this 
occurring, but we forgot to do that. A thousand apologies.)

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, feel free to reopen 
this bug and simply change the 'version' to a later Fedora version.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we were unable to fix it before Fedora 14 reached end of life. If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora, you are encouraged to click on 
"Clone This Bug" (top right of this page) and open it against that 
version of Fedora.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

