
session.save_path (/tmp) is not writable for web server :: security-risk!?


Question

 
hi there - good day dear fellows, 

 


the topic of today: session.save_path (/tmp) is not writable for web server :: security-risk!?

I am trying to install a script on my OpenSuse Webserver, and I managed to resolve most of the errors except for one:

 

The value for session.save_path (/tmp) is not writable for the web server.
Make sure that PHP can actually save session variables.

 

session.save_path: writeable 
You need set permission for your var directory. 

 

That seems to be the problem. well - i guess that the default ownership may be incorrect on the session folder: 

 

Example; php on some Linux-Server defaults to apache user. 

If using nginx or other need to switch the folder ownership.  Also as a note you have to change the user/group setting in www.conf.

 

 


[CODE]chown -R root:nginx /var/lib/php/7.0/
sed -i 's/apache/nginx/g' /etc/php-fpm-7.0.d/www.conf
service php-fpm-7.0 restart
[/CODE]

 

But wait: what about the security - is it safe to make the session.save_path writeable!?

my server-admin says that this is a big big hole and makes the server insecure.

 

love to hear from you 

 

 

update:

 

some clarification: - we're talking about the installation of a survey script called limesurvey - cf. www.limesurvey.org

i get the following complaints during the installation process -

 

and if we have a closer look at the script - (see below) then the server admin says - that this script wants to have insecure things....

 

what do you say!? 

[Attached image]

 

looking forward to hearing from you

[Attached image: limesurvey_session1_.jpg]

Edited by tarifa
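
Added example (not part of the original post and not LimeSurvey's code): PHP's file-based session handler must be able to write to session.save_path, so the usual hardening is a dedicated directory that the PHP user can write to and other local accounts cannot enter, rather than a shared /tmp. The check below reads the permission bits of such a directory; the function names, messages and the reliance on GNU `stat -c` are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a PHP session directory (assumes GNU stat).
# Usage: audit_session_dir DIR PHP_USER
# Prints findings; returns 0 when the directory is writable by
# PHP_USER and grants nothing to "other", 1 otherwise.

has_w() { case $1 in 2|3|6|7) return 0 ;; *) return 1 ;; esac; }

audit_session_dir() {
    dir=$1; php_user=$2; rc=0
    # A symlink could redirect session files somewhere unexpected.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a real directory"
        return 1
    fi
    mode=$(stat -c '%a' "$dir")    # octal mode, e.g. 770 or 1777
    owner=$(stat -c '%U' "$dir")
    group=$(stat -c '%G' "$dir")
    # Split the octal mode into user / group / other digits.
    o=${mode#"${mode%?}"}; rest=${mode%?}
    g=${rest#"${rest%?}"}; rest=${rest%?}
    u=${rest#"${rest%?}"}
    # Pick the permission class that applies to the PHP user.
    if [ "$owner" = "$php_user" ]; then
        digit=$u
    elif id -Gn "$php_user" 2>/dev/null | tr ' ' '\n' | grep -qxF -- "$group"; then
        digit=$g
    else
        digit=$o
    fi
    if ! has_w "$digit"; then
        echo "FAIL: $dir (mode $mode, $owner:$group) is not writable by $php_user"
        rc=1
    fi
    # Any "other" bit means every local account shares the directory;
    # session file names contain the session IDs.
    if [ -n "$o" ] && [ "$o" != 0 ]; then
        echo "WARN: $dir mode $mode grants access to all local users"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $dir (mode $mode, $owner:$group)"
    return "$rc"
}

# Run the audit when called with arguments, e.g.:
#   sh audit.sh /var/lib/php/7.0 nginx
if [ "$#" -ge 2 ]; then audit_session_dir "$1" "$2"; fi
```

A directory such as /tmp (mode 1777) is reported with the WARN line even though PHP can write to it, which is the distinction between "writable for the web server" and "writable for everyone".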

1 answer to this question


hi there - dear fellows 

 

update: if we have a closer look at the image - the photo in the thread...

 

and if we think of this.. 


[CODE]session_save_path ([ string $path ] ) : string
session_save_path() returns the path of the current directory used to save session data.
[/CODE]


[CODE]No session => no login
No session => no installation
A session.save_path not writable => No session.
[/CODE]

conclusion:

i always thought that this code tests if we can write into the php variable $_SESSION or - if we cannot do that

- and i always thought that this is read only
 

what do you say - !? 

 

looking forward to hearing from you
