Wrong session file ownership

It seems that the webserver session storage is now creating season files with the apache2 user ownership instead of the “librenms:librenms” user.

====================================

====================================

[OK] Composer Version: 1.6.5
[OK] Dependencies up-to-date.
[OK] Database connection successful
[OK] Database schema correct
[FAIL] We have found some files that are owned by a different user than librenms, this will stop you updating automatically and / or rrd files being updated causing graphs to fail.
[FIX] chown -R librenms:librenms /opt/librenms
Files:
/opt/librenms/storage/framework/sessions/ju1zBqg5KMIQZfHidNm3LT6UiMwK97pHtlCGCTiR
/opt/librenms/storage/framework/sessions/i7Oh6seqPqoQecm8O4SgTXnaFuYnpwU5V8AujbWC
/opt/librenms/storage/framework/sessions/XWC8Yu2BK7gbUNSL0f7kskK0rmfok48JfNaJjwwN
/opt/librenms/storage/framework/sessions/daZOKtqZOn9uaWCDo6uI3UN9wZ9kCTtHH8GwdfRu
/opt/librenms/storage/framework/sessions/iHLxdwMTleUCFN2d8lawEMcuzRYtSFh9W8YZfdRO
/opt/librenms/storage/framework/sessions/LwdoccQ0h7ZVVIDVrB5vWj3CD5enUia3F78CoHv5
/opt/librenms/storage/framework/sessions/THQhvFr14i6h9pK8kCMXvYVgynbozGQhPADBmGij
/opt/librenms/storage/framework/sessions/pyzUI20mfvuCbyROtQ2RiEbLhx0pXCL5EWGjuNbd

Chowning doesn’t help because new session file continue to be created with wrong owneshir.
Also restarted apache which continues to run under www-data:www-data user.

Also:
Welcome to Ubuntu 16.04.4 LTS (GNU/Linux 4.4.0-121-generic x86_64)

• Documentation: https://help.ubuntu.com
• Management: https://landscape.canonical.com
• Support: https://ubuntu.com/advantage

19 packages can be updated.
14 updates are security updates.

Any ideas ?

TIA

The following Ubuntu packages are to be upgraded,…
The following NEW packages will be installed:
linux-headers-4.4.0-124 linux-headers-4.4.0-124-generic linux-image-4.4.0-124-generic linux-image-extra-4.4.0-124-generic
The following packages will be upgraded:
distro-info-data ghostscript ifupdown libavahi-client3 libavahi-common-data libavahi-common3 libcupsfilters1 libgs9 libgs9-common linux-base linux-generic linux-headers-generic linux-image-generic linux-libc-dev wget

Files:
 /opt/librenms/bootstrap/cache/services.php
 /opt/librenms/storage/framework/sessions/uli4mGNPEY35thalM6gGPy4CjOWakM6f1KVXGG9r
 /opt/librenms/storage/framework/sessions/WXt1KVy7oNyeG5QN8vSV4yVze6kYP7bCPR8oE16X

$ ls -l /opt/librenms/bootstrap/cache/services.php
-rw-rw-r-- 1 www-data www-data 11861 May 10 09:34 /opt/librenms/bootstrap/cache/services.php

Hum… that is rather annoying.

Chowning /opt/librenms/bootstrap/cache/services.php to the librenms user works and remains stable it seems.
(this file was indeed listed as having the wrong owner by the validate.php script.)
The session files are created with the user running the apache2.

I am having the same issue, however each time a new web session is started from a different location this file keeps having the permission reset to www-data:www-data --> “/opt/librenms/bootstrap/cache/services.php” and the “/opt/librenms/storage/framework/sessions/” just fills up with session files with the same permissions www-data:www-data!

This is a setup right out of the book…no weird settings here
This happened after the latest update! here is where i am standing with versions and system.

====================================

====================================

[OK] Composer Version: 1.6.5
[OK] Dependencies up-to-date.
[OK] Database connection successful
[OK] Database schema correct

librenms log error that sticks out

production.ERROR: ErrorException: file_put_contents(/opt/librenms/storage/framework/sessions/tnecPbNrmsgYIwcKf1RLlZpdzLTTVJbSiLBQ8uFF): failed to open stream: Permission denied in /opt/librenms/vendor/laravel/framework/src/Illuminate/Filesystem/Filesystem.php:122
Stack trace:
#0 [internal function]: Illuminate\Foundation\Bootstrap\HandleExceptions->handleError(2, ‘file_put_conten…’, ‘/opt/librenms/v…’, 122, Array)
#1 /opt/librenms/vendor/laravel/framework/src/Illuminate/Filesystem/Filesystem.php(122): file_put_contents(’/opt/librenms/s…’, ‘a:5:{s:6:"_toke…’, 2)
#2 /opt/librenms/vendor/laravel/framework/src/Illuminate/Session/FileSessionHandler.php(83): Illuminate\Filesystem\Filesystem->put(’/opt/librenms/s…’, ‘a:5:{s:6:"_toke…’, true)
#3 /opt/librenms/vendor/laravel/framework/src/Illuminate/Session/Store.php(128): Illuminate\Session\FileSessionHandler->write(‘tnecPbNrmsgYIwc…’, ‘a:5:{s:6:"_toke…’)
#4 /opt/librenms/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(88): Illuminate\Session\Store->save()
#5 /opt/librenms/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(218): Illuminate\Session\Middleware\StartSession->terminate(Object(Illuminate\Http\Request), Object(Illuminate\Http\Response))
#6 /opt/librenms/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(189): Illuminate\Foundation\Http\Kernel->terminateMiddleware(Object(Illuminate\Http\Request), Object(Illuminate\Http\Response))
#7 /opt/librenms/html/index.php(58): Illuminate\Foundation\Http\Kernel->terminate(Object(Illuminate\Http\Request), Object(Illuminate\Http\Response))
#8 {main}

looks like the main Librenms Demo site is having this issue as well

image1253×971 31.9 KB

Seems that the validate.php from 1.39-45-g4347f0a doesn’t barf anymore on the session file ownership of the session files in /opt/librenms/storage/framework/sessions owned by the apache2 user.
The question remains if the issue is resolved or simply ignored by the validate.php script as before?

Validate was incorrect, it has now been fixed. It is ok for the web server user to own them. But the web server needs to be able to write to them. If it cannot write then there will be an issue.