Need some help with permissions/ownership on my testing web server..???

I've got a dedicated virtual server that I use for a testing environment.  It comes with Plesk so I can handle most everything I need to do from there...I'm admittedly lame and don't know much about linux itself, but I do everything in PHP so I'm trying to get it all figured out.

When I first launched this new server I was  having a problem where all of my open source apps (wordpress, opencart, etc) weren't working well because of all sorts of permissions issues.  I learned that I needed to switch my server from Mod to FastCGI in order to allow the FTP users ownership of directories and fix this problem...which it did.

Now, though, I'm having an issue with a fresh install of OpenCart where I'm getting the following error...

Warning: session_start(): open(/var/lib/php/session/sess_2m8fs22c7rgvj3fdmpokqvfpc3, O_RDWR) failed: Permission denied (13) in /var/www/vhosts/ on line 11

So now I'm guessing that the problem is my /var/lib/php/session directory is still owned by the 'apache' user instead of allowing FTP users access to it..??  Am I on the right track?  

Whether I am or not I'm unsure how to fix this.  I'd like to make sure I can fix it so that any site created on this server doesn't have this problem.  

Any information on this would be greatly appreciated.  thanks!
LVL 11
Andrew AngellCo-Owner / DeveloperAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

You can use ACL to allow ftp user any kind of access on this folder

First show:
getfacl /var/lib/php/session

You can allow ftp user as follows

setfacl -m u:ftp:rwx /var/lib/php/session
Andrew AngellCo-Owner / DeveloperAuthor Commented:
I tried that and got an error that the command doesn't exist...

[root@sandbox ~]# getfacl /var/lib/php/session
-bash: getfacl: command not found
Ok, so you don't have acls.

You can make them share through the same group

So you want this file

Access to the following folder


Please do this
ls -l /var/www/vhosts/

ls -ld /var/lib/php/session
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

The point it, if you give the same group

If the file's group is changed to apache

chgrp apache /var/www/vhosts/

And assuming /var/lib/php/session already belongs to group apache then
allow group apache to do anything in this file

chmod g+rwx /var/lib/php/sessions
Andrew AngellCo-Owner / DeveloperAuthor Commented:
I want to ensure that all my other sites won't run into this problem on this server, too, though, without having to do this every single time.  This seems like something I'd have to do on a per-site basis..??  or even a per file basis..??
These are two commands, you can reverse them easily.  It would help you know if it is really a permission issue. Once you determine that, a strategy can be mode.
Andrew AngellCo-Owner / DeveloperAuthor Commented:
What's a little more confusing to me is that the line causing the error is a simple session_start().  When I create my own test page, though, and start a session, create a session var, and then display it, it works fine.  I did that here and then also dumped phpinfo...

The "test" at the top of the screen is a session var that I loaded and displayed.  I don't get any error on session_start here, but at, I do.
Andrew AngellCo-Owner / DeveloperAuthor Commented:
I'm not sure if this is correct, but it seems to have worked.

I took a look at the current ownership/group settings for all my web sites and they all seem to be using a specific owner/group.  My /var/lib/php/session directory was set to root:apache.  I simply changed the ownership of this directory to use the same thing as all my web sites are using and that seems to have done the trick.

Does this sound correct or did I do something that would be considered a bad thing?
No, this makes perfect sense.  If the directory ownership was root, it meant that everyone else was probably "others".  This is why I had requested to see the permissions

Glad it resolved

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.