Images & Panel not working: error.session.filestore.dirNotWritable

I am currently trying to run kirby on a new Hosting Provider and the panel and images won’t load.

I am trying to resolve the problem by using the documentation https://getkirby.com/docs/guide/troubleshooting/installation

going through the list:

  • #1 Broken Subpages -> should be fine (checked .htaccess and it works, but I am no .htaccess expert!!!)
  • #2 PHP’s built-in server -> not sure what the hosting provider set up, and how to check that … phpinfo() says “Server API: Apache 2.0 Handler” -> so I assume its Apache

The Error used in the Topic error.session.filestore.dirNotWritable only shows if I try to access the panel, then whoops kicks in and shows the following error:

The session storage directory "...../web/dev/site/sessions" is not writable

Panel & images work, if I set the permissions to 777 or 775. But it should work with 755 right?

The Hosting Provider is: https://www.manitu.de
General php info: https://www.manitu.de/webhosting/phpinfo/

Yes, it should.

Maybe a problem with file ownership?

Yes, maybe:

How can I check that??
The Interface of the hosting provider is very limited, basically I just can switch php version between 7.1 / 7.2 / 7.3

See their documentation. It looks like you need to set permissions to 770 for it to work.

Note: This is not recommended for most other hosting providers. But in the setup of manitu, it’s apparently required.

ok, thanks,

so this is a security vulnerability, right?
what if I set the permissions to 775?

Am I getting this right, if I set the permissions to 770 my php script has write access, but also the hoster, represented as “group”, but no outside attacker?

That would be more open than necessary.

It depends on their setup. If you’d like to know more about it, you should contact their support team directly.

Kind of. If they have implemented their setup correctly, then yes. But if all sites on the server get served by the same shared Apache instance or by multiple instances of the same system group, there may be security issues when other users find a way to access the files beyond their directory.