1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Subdomain with FastCGI:PHP sessions not work-chmod 777 /var/lib/php/session not help

Discussion in 'Plesk 10.x for Linux Issues, Fixes, How-To' started by bluik, Jul 31, 2011.

  1. bluik

    bluik Basic Pleskian

    14
    85%
    Joined:
    Jul 5, 2011
    Messages:
    40
    Likes Received:
    0
    Cross-posting.. I initially thought this problem was caused by Migrating sites from 9.x to 10.x, but no.
    I CANNOT BELIEVE such a STUPID bug has not been detected.

    ---------------------------------------------------------------
    PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE
    Parallels Plesk Panel, 10.3.1, RHEL6.1, x86-64

    PROBLEM DESCRIPTION AND STEPS TO REPRODUCE
    When FastCGI is turned on, subdomains can't use PHP sessions because they cannot write to /var/lib/php/session.
    Steps:
    1- Create domain
    2- Create subdomain
    3- Create a simple PHP file that uses sessions under the subdomain:
    ACTUAL RESULT
    EXPECTED RESULT
    Session to work properly. Some limitation prevents accessing /var/lib/php/session, as chmod 777 does not help.

    ANY ADDITIONAL INFORMATION
    Workaround:
    Insert this to the _httpd.include file for the subdomain vhost config:
    BUT with the above workaround there are more errors because the custom php ini refers to directories specific for the main site not the subdomain.
    --------------------------------------------------------------
     
    Last edited: Mar 29, 2012
  2. bluik

    bluik Basic Pleskian

    14
    85%
    Joined:
    Jul 5, 2011
    Messages:
    40
    Likes Received:
    0
    Solved

    OK, I did some digging and the culprit was in fact SELinux.

    In case anyone else hits this problem:

    To make it work, first fix permissions on the directory and then relabel it:
    Seems working after this, there are still some avc messages at audit.log but they seem related to site not the system.


    Sorry for the noise. I still think there should be a way for Plesk to do this automatically; for example having a second session directory for FCGI sites with correct owner/group,permissions & SELinux label.
     
    Last edited: Jan 26, 2012
  3. rjdown

    rjdown Guest

    0
     
    Found this through google, whoever is reading this probably did too!

    works great, thanks bluik

    Just a small correction, the first line should start with chown, and not chmod
     
  4. bluik

    bluik Basic Pleskian

    14
    85%
    Joined:
    Jul 5, 2011
    Messages:
    40
    Likes Received:
    0
    Thanks, edited to correct it, I really hope it is useful for other people.
    Now, I have had another problem with SELinux labels on subdomains for a long time requiring manual fixing with chcon after every time subdomain is created.. Perhaps with your encouragement I will make a post about that.
     
  5. bluik

    bluik Basic Pleskian

    14
    85%
    Joined:
    Jul 5, 2011
    Messages:
    40
    Likes Received:
    0
    Same issue with CentOS 5, Plesk 10.4.4. SELinux policy with Plesk is still not good.

    The above "chcon" fix does not survive a filesystem relabel by the way. The solution would be to modify the file context specification or to make a policy. I ended up making a quick&dirty policy, which might be too wide open:

    Save it to a file say php.te, compile & install:
    For CentOS/RHEL 6 add " open" after the word "getattr" in the two lines above.

    It would be great to add a new file context, something like below but it lacks access from unconfined domain and is wrong in so many ways (do not use it it does not work in enforcing mode). I lost interest because so many other problems with Plesk & SELinux but might revisit & update this thread later.
     
    Last edited: Mar 29, 2012
  6. Red Paint

    Red Paint Basic Pleskian

    26
    23%
    Joined:
    Aug 19, 2009
    Messages:
    78
    Likes Received:
    1
    bluik's solution worked for us too. Although as the bluik's last post suggests this looks like it's a temporary fix and will need to be re-run regularly.
     
Loading...