* Ian <php_list@xxxxxxxxxxxxx> [2012-08-13 09:50:51 +0100]: > On 13/08/2012 06:01, Philip Amadeo Saeli wrote: > > I'm administering WordPress sites under suPHP on a CentOS LAMP server > > and would like to know how I can set PHP to keep the session files under > > the WP user's dir without having do duplicate the entire php.ini file > > for each WP site while still maintaining adequate security. The > > problems I'm encountering are that, AFAICT, I have basically two > > choices: > > > > 1. Use the suPHP "suPHP_ConfigPath" to set the path to a > > per-site php.ini file containing a "session.save_path" > > directive. > > > > 2. Put php.ini files with the "session.save_path" directive > > within the WP dir hier. > > > > The problems with the above two options (I have found no other options > > so far) are that, for the former, the system php.ini file is not read so > > the per-site php.ini file(s) have to duplicate most if not all of what's > > in the system php.ini file; this is for each WP site (if not a WP Net > > (AKA WPMU) install); and for the latter, -any-and-every- subdir in the > > WP dir hier that has code that may reference the PHP session must have > > its own php.ini file in it. Either way it becomes a significant > > maintenance problem, especially once there are more than one or two > > such sites. > > > > I have not been able to find much documentation on this, either in the > > PHP site or in the various help forums. I've searched quite extensively > > and have run some tests of my own using phpinfo.php to see how things > > are set. > > > > I do not desire to open up file permissions to bypass this PHP settings > > issue altogether due to security concerns (though I do wish an answer > > could be so simple). > > > > What's canonical in such a case? If nothing, are there any other > > alternatives? My desired solution would be to be able to put one > > php.ini (or equivalent) file per site that would contain the needed > > directive which would be merged with the settings from the system > > php.ini, overriding only the session.save_path, but, AFAICT, PHP does > > not seem to allow this. Any other ideas? > > > > Thanks! > > > > --Phil > > Hi, > > You can add php.ini variables to the Apache Virtual Host section for > each site, for example: > > > php_admin_value session.save_path "/path/to/new/session/folder" > > [http://php.net/manual/en/configuration.changes.php] > > > This will override the save path for each site you add it to, but all > other values will be picked up from the system default. > > > You must make sure the Apache user has write access to the new folder. > > Regards > > Ian > -- Thanks, Ian, for the suggestion. I had tried that without success and had neglected to mention that in my post. The reason that it doesn't work, AFAICT, is that, since suPHP runs PHP as CGI and not DSO, the Apache directives are not available to it. Any other ideas? I'd especially like to better understand how PHP handles php.ini files and any rationale behind the way it handles them. Thanks, --Phil -- Philip Amadeo Saeli openSUSE, RHEL, CentOS psaeli@xxxxxxxxxxxx -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
