php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #49401 Semaphore files are being created in / by default
Submitted: 2009-08-28 17:56 UTC Modified: 2009-08-31 16:40 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: nathan at gossamer-threads dot com Assigned:
Status: Not a bug Package: Session related
PHP Version: 5.2.10 OS: Gentoo
Private report: No CVE-ID: None
View Developer Edit
 [2009-08-28 17:56 UTC] nathan at gossamer-threads dot com 
Description:
------------
As of 5.2.10 it seems that the semaphore files are being created in / instead of the usual /tmp. Uncommenting the default session.save_path of /tmp in the php.ini fixes it.

Reproduce code:
---------------
nathan@ndb3 ~ $ php --version
PHP Warning:  PHP Startup: mm_create(0, /session_mm_cgi-fcgi1005) failed, err mm:core: failed to open semaphore file (Permission denied) in Unknown on line 0
PHP 5.2.10 (cgi-fcgi) (built: Aug 28 2009 10:23:30)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies

Patches

011_all_sharedmem_session_path_gentoo.patch (last revision 2010-05-28 19:28 UTC by mabi at gentoo dot org)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-08-29 00:36 UTC] jani@php.net 
Compared to what PHP version..?
 [2009-08-29 00:38 UTC] jani@php.net 
And I don't see any bug here anyway. If you don't define a path, it will 
just be "". And then it's up to whatever your current working directory 
happens to be. With Apache it's always /.
 [2009-08-31 16:40 UTC] nathan at gossamer-threads dot com 
Php 5.2.6 doesn't throw the error, but stracing does reveal that it's trying to create the file and failing:

open("/session_mm_cgi-fcgi1009.sem", O_RDWR|O_CREAT|O_EXCL, 0600) = -1 EACCES (Permission denied)
shmdt(0xb54c2000)                       = 0
shmctl(6619145, IPC_64|IPC_RMID, 0)     = -1 EINVAL (Invalid argument)
unlink("/session_mm_cgi-fcgi1009.sem")  = -1 ENOENT (No such file or directory)

If the expected behavior is to use the current working directory, this is not what it's doing:

nathan@ndb3 ~ $ pwd
/home/nathan
nathan@ndb3 ~ $ php-cli -v
PHP Warning:  PHP Startup: mm_create(0, /session_mm_cli1005) failed, err mm:core: failed to open semaphore file (Permission denied) in Unknown on line 0
PHP 5.2.10 (cli) (built: Aug 28 2009 10:17:34) 
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies

My assumption would be that the stock ini file that php ships with should contain a basic example that works on 99% of the machines out there. No reasonably configured machine would allow a user to write to /, so if there's no code change needed here perhaps the default php.ini should have that session.save_path uncommented?
 [2010-05-28 21:32 UTC] mabi at gentoo dot org 
Gentoo's php-5.3 now uses the attached patch (thanks to tsisaruk.v@gmail.com) to automatically use the system's temp directory if no session save path is set. Imho, this is a useful default behaviour. Can you consider this patch for 5.3 or trunk?
 [2010-05-28 21:36 UTC] mabi at gentoo dot org 
meh, just noticed the patch is already on bug #49503, sorry for the spam. Still, can you comment on whether this can be considered for inclusion?
 [2010-05-28 22:29 UTC] mabi at gentoo dot org 
Actually, disregard that spam. I've tested php-5.3.2 and the problem appears to be gone, even w/o the patch. Dunno why i've had the error just a few weeks back then, but the linked bug states the warning has been fixed by jani, so i'll just shut up about it.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Mon Nov 03 19:00:02 2025 UTC