Thanks @nas and @stephdl for pointing this out! I agree we need to fix this value.
Each application could define its session storage method. I think the best place to set session.save_path is in an application configuration file (for instance, server-manager assumes /var/cache/nethserver-httpd-admin), so it can be different for each application.
Moreover, PHP does not set a default, because the path depends on the platform. Our platform is CentOS, and php-common sets the default to /var/lib/php/session, in php.ini.
I propose to set the default to the value chosen by upstream.
There are also a lot of other parameters that could be adjusted to reflect the upstream settings. For ns7 I'd like to be more upstream-compliant and revert the php.ini to the upstream version. Our template can be moved to an included file, like /etc/php.d/nethserver.ini. What do you think?
After working on NethServer 7 in the last weeks, I'm beginning to change my mind a bit.
I mean: we're discovering that some needed changes are a bit intrusive, I'd like to seize the opportunity to accept bigger modifications if we agree that they will make our life easier in the future (i.e. going back to upstream packages, reduce the number of packages we maintain, do things as upstream, etc).
I'm compiling a list of things that need to be worked on, trying to identify some patterns. When I'm ready, I'll ask for a review.
Looking at the php.ini, I can see that "upload_tmp_dir => no value => no value" is not set, so one can imagine setting a "session.save_path" and an "upload_tmp_dir" per ibay. Like this a web application won't share temporary folders with another... the risk of being hijacked by a corrupted application will be less important.
Security is always important, but who takes care of session and tmp directories creation?
The default "ibay profile" (which is a hidden/undocumented feature used by migration) is a bit overloaded.
Is it the time to design a new one just for PHP webapps?
May it be useful to expose that concept on the "Shared Folder" page and ask the admin to specify the "purpose" of the Shared Folder at creation time?
File sharing and PHP web applications are two very different scenarios. Both require different filesystem permissions, and different Apache configurations. Probably web apps don't need the ACL mess-up at all, but Samba shares do.
I think we should design new Shared folder profiles to serve different use cases. The one-fit-all configuration for shared folders is too hard to develop/maintain.
Moreover, as I said on the other thread, a new server manager page to configure virtual hosts could simplify the actual interface.
I mean I'm a bit lost, if you want a specific module for apache:
you will have duplicated code with the sharedfolder module
you will make hard for people to push or maintain their webapps (samba is an easy way to do it)
Honestly I don't see the ACL as something tricky for apache, you now have the possibility to restrict the apache permissions, obviously what is asked now is an option to give the full permissions to apache on shared folder.
I do believe that an Ibay is used just for one purpose, with samba, most of the time there is no need to use httpd, but with this former, pushing files by samba is an easy way, of course when the server is on your local network.
After all you ask me to do a cultural revolution... I use Ibay for samba, ftp, http, nfs, since so long time
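One way to handle the per-ibay session and upload directories raised in this thread, as an added example that is not part of any post or of NethServer's own code. It assumes mod_php (so `php_admin_value` applies); the state-root layout, the function names and the ibay name rule are hypothetical.

```shell
#!/bin/sh
# Added example: per-ibay PHP session and upload directories.
# The <state_root>/<ibay>/ layout and all function names are assumptions.

# Accept only simple names so an ibay name cannot escape the state root.
valid_ibay_name() {
    case "$1" in
        ''|.*|*[!a-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Create <state_root>/<ibay>/{session,upload_tmp} with mode 0770, the same
# mode php-common uses for /var/lib/php/session.
# $1 = state root, $2 = ibay name, $3 = web server group (optional)
make_ibay_php_dirs() {
    state_root=$1 ibay=$2 group=${3:-}
    valid_ibay_name "$ibay" || return 1
    for sub in session upload_tmp; do
        dir="$state_root/$ibay/$sub"
        mkdir -p "$dir" || return 1
        chmod 0770 "$dir" || return 1
        # Changing the group needs root; skipped when no group is given.
        if [ -n "$group" ]; then chgrp "$group" "$dir" || return 1; fi
    done
}

# Print an Apache fragment that pins both settings for one ibay docroot.
# $1 = state root, $2 = ibay name, $3 = ibay document root
emit_ibay_php_conf() {
    valid_ibay_name "$2" || return 1
    cat <<EOF
<Directory "$3">
    php_admin_value session.save_path "$1/$2/session"
    php_admin_value upload_tmp_dir "$1/$2/upload_tmp"
</Directory>
EOF
}
```

Values set with `php_admin_value` cannot be overridden from .htaccess or ini_set(), so an application cannot point itself back at another ibay's directories. Under mod_php every application still runs as the same Apache user, so this separates the data locations rather than the process identity.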