ID: 42596 Updated by: [EMAIL PROTECTED] Reported By: randy at rcs-comp dot com -Status: Bogus +Status: Open Bug Type: Session related Operating System: Linux PHP Version: 5.2.4 New Comment:
Ilia, RTFS. :) Previous Comments: ------------------------------------------------------------------------ [2007-09-09 15:55:02] [EMAIL PROTECTED] Thank you for taking the time to write to us, but this is not a bug. Please double-check the documentation available at http://www.php.net/manual/ and the instructions on how to report a bug at http://bugs.php.net/how-to-report.php There is no such feature. ------------------------------------------------------------------------ [2007-09-08 03:47:00] randy at rcs-comp dot com Description: ------------ When using the mode parameter in session_save_path (or presumably session.save_path) it will not set the "write" bit correctly for anyone but the owner of the file. Read and execute bits are set correctly. This is important b/c I would like to setguid on the session directory so that a non-priveleged user (the website reseller) can clean it out. That way, all I have to do is add apache to the user's group, and no more problems with clearing out sessions. Reproduce code: --------------- <?php $pm = '0;0600;'.dirname(__FILE__).'/sessions'; session_save_path($pm); session_start(); die('hello world'); ?> // delete the session file just created <?php $pm = '0;0660;'.dirname(__FILE__).'/sessions'; session_save_path($pm); session_start(); die('hello world'); ?> // delete the session file just created <?php $pm = '0;0777;'.dirname(__FILE__).'/sessions'; session_save_path($pm); session_start(); die('hello world'); ?> Expected result: ---------------- [EMAIL PROTECTED] sessions]# ls -l total 0 -rw------- 1 apache apache 0 Sep 7 23:30 sess_b1fb... [EMAIL PROTECTED] sessions]# ls -l total 0 -rw-rw---- 1 apache apache 0 Sep 7 23:31 sess_b1fb... [EMAIL PROTECTED] sessions]# ls -l total 0 -rwxrwxrwx 1 apache apache 0 Sep 7 23:40 sess_b1fb... Actual result: -------------- [EMAIL PROTECTED] sessions]# ls -l total 0 -rw------- 1 apache apache 0 Sep 7 23:30 sess_b1fb... [EMAIL PROTECTED] sessions]# ls -l total 0 -rw-r----- 1 apache apache 0 Sep 7 23:31 sess_b1fb... ^^^^^^^^^^ <---------------- Permission does not have write bit [EMAIL PROTECTED] sessions]# ls -l total 0 -rwxr-xr-x 1 apache apache 0 Sep 7 23:40 sess_b1fb... ^^^^^^^^^^ <---------------- Permission does not have write bits ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=42596&edit=1
