Permission issue of PHP_sessions folder

sama55

I found a backup error with tar command. This is caused by permission of zp-data/PHP_sessions folder. It is 311 (read denied) in my environment.

zp-core/setup/index.php (around L28)

@mkdir(dirname(dirname(dirname(__FILE__))) . '/' . DATA_FOLDER . '/PHP_sessions', $chmod | 0311);

$chmod variable is not defined in this source.

Q1: Is this the intended movement?
Q2: Is this for security reason?

Side note: Session data is saved correctly. However, I am concerned about system update, etc.

Best regards.

acrylian

The `zp-data` folder should be protected by strict permissions of 600 to prevent outside access since it contains the logs and the config file. Cannot answer about the sessions folder actually. But never heard of or encounter any issues with it

The undefined variable is probably a bug