- 0
session.save_path (/tmp) is not writable for web server :: security-risk!?
Asked by
tarifa,
-
Recently Browsing 0 members
- No registered users viewing this page.
-
Posts
-
By +InsaneNutter · Posted
You'd have to show me an example of a listing that says Gen 1, usually i'd expect that to mean Snapdragon Gen 1 (a type of chipset, which the Pixels don't use). Pixel 7 - White - 128gb - Unlocked - 85%+ battery - Grade B+ - $159 with free delivery - https://www.ebay.com/itm/398046617206 Pixel 7 - Obsidian - 128gb - Unlocked - 80%+ battery - Very Good - $157 with free delivery - https://www.ebay.com/itm/355617734563 Both look to be sold by companies with good feedback, dealing with refurbished phones and state the phones are unlocked with a clean IMEI. Obviously I can't vouch for either company though, but the listings look good in my opinion. -
By +mram · Posted
Because Chrome is doing it. And no one said anyone had to update immediately. That's silly. They could update every day for all I care as long as it's fast, and the next time the browser restarts, you're good. And the basic point is not to tee it up for bigger updates. As it is right now, all the windows I had open reopen anyway except inprivate. -
By seacaptain · Posted
Why? Does anybody actually want this? The constant need to close all browser sessions and wait for a new version to install, just so that there’s a integrated coupon manager feels like a waste of everyone’s time -
.thumb.png.b7089ebbdf00d96b3b92dddbd04bac02.png)
By PsYcHoKiLLa · Posted
I remember when Louis used to just do interesting Mac/iPhone repairs, now he's boring and just launches "crusades" every week -
By ad47uk · Posted
A shame it don't allow people to bypass the MS account, I will stick to using Rufus.
-
-
Recent Achievements
-
davidbazooked earned a badge
Week One Done
-
Jamswaz earned a badge
One Month Later
-
Jamswaz earned a badge
Week One Done
-
Marzoid went up a rank
Rookie
-
coch went up a rank
Community Regular
-
-
Popular Contributors
-
Tell a friend
.thumb.png.b7089ebbdf00d96b3b92dddbd04bac02.png)
Question
tarifa
hi there - good day dear fellows,
the topic of today: session.save_path (/tmp) is not writable for web server :: security-risk!?
I am trying to install a script on my OpenSuse Webserver, and I managed to resolve most of the errors except of one:
That seems to be the problem. well - i guess that the default ownership may be incorrect on the session folder:
Example; php on some Linux-Server defaults to apache user.
If using nginx or other need to switch the folder ownership. Also as a note you have to change the user/group setting in www.conf.
chown -R root:nginx /var/lib/php/7.0/ sed -i 's/apache/nginx/g' /etc/php-fpm-7.0.d/www.conf service php-fpm-7.0 restartBut wait: what about the security - is it save to make the session.save_path writeable!?
my server-admin says that this is a big big hole and makes the server unsecure.
love to hear from you
update:
some clearings and clearification: - we re talking about the installation of a survey-script - called limesurvey - cf. www.limesurvey.org
i get the following complaints during the installation process -
and if we have a closer look at the script - (see below) then the server admin says - that this script wants to have unsecure things....
what do you say!?
look forward to hear from you
Edited by tarifaLink to comment
https://www.neowin.net/forum/topic/1393422-sessionsave_path-tmp-is-not-writable-for-web-server-security-risk/Share on other sites
1 answer to this question
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now