Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SOLVED Help with unknown file in /tmp folder

Discussion in 'Security' started by hello-electro, Dec 7, 2016.

  1. hello-electro

    hello-electro Member

    Joined:
    Aug 9, 2016
    Messages:
    17
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Maryland
    cPanel Access Level:
    Root Administrator
    Hi, I started getting the following error for one of my sites. It occurs every time I log into WordPress from the domain. And is thrown on virtually every backend page.

    Code:
    [Wed Dec 07 02:12:11.236353 2016] [cgi:error] [pid 1523] [client 108.XX.XX.XX:38962] AH01215: PHP Warning:  Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct () in Unknown on line 0: /usr/local/cpanel/cgi-sys/ea-php70, referer: https://XXXXX.co/wp-admin/admin.php?page=mainwp_tab
    
    Also:

    Code:
    [Wed Dec 07 02:10:50.363361 2016] [cgi:error] [pid 1936] [client XXX.XX.XX.XX:XXXXX] AH01215: PHP Warning:  Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct () in Unknown on line 0: /usr/local/cpanel/cgi-sys/ea-php70, referer: https://XXXXXX.co/

    I tought it was one of my plugins, but the error shows up for more than just the mainwp_tab.

    When I went into my /tmp folder, there is a file that looks like this:
    Code:
    -rw-r--r-- 1 XXXXXX      XXXXXXX          0 Dec  7 01:49 lock103218.txt
    The XXXXXX is my domain. What is does the lock....txt mean? Is this file supposed to be here?

    Any help would be greatly appreciated!
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,427
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    You can upload a PHPINFO file to that account to verify the "session.save_path" that's configured. If it's /tmp, verify the partition is not at it's disk space or inode limit:

    Code:
    df -h
    df -i
    Regarding the .txt files in the /tmp directory, you can see additional threads where similar questions are answered by entering a term such as this on Google:

    Code:
    txt files /tmp site:forums.cpanel.net
    Let us know if this helps.

    Thank you.
     
  3. hello-electro

    hello-electro Member

    Joined:
    Aug 9, 2016
    Messages:
    17
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Maryland
    cPanel Access Level:
    Root Administrator
    Thanks for responding! Not sure this matters but FYI, this is only occuring with my reseller user. I have about 30 other vhosts that dont have this issue. Here are the results:

    phpinfo: session.save_path Local and Master value = null

    Size of directories:

    Code:
    df -h
    Filesystem      Size  Used Avail Use% Mounted on
    /dev/vda1        79G   35G   40G  47% /
    devtmpfs        3.9G     0  3.9G   0% /dev
    tmpfs           3.9G     0  3.9G   0% /dev/shm
    tmpfs           3.9G   33M  3.8G   1% /run
    tmpfs           3.9G     0  3.9G   0% /sys/fs/cgroup
    tmpfs           783M     0  783M   0% /run/user/0
    tmpfs           783M     0  783M   0% /run/user/988

    Code:
    df -i
    Filesystem      Inodes  IUsed   IFree IUse% Mounted on
    /dev/vda1      5171200 472804 4698396   10% /
    devtmpfs        999094    323  998771    1% /dev
    tmpfs          1001366      1 1001365    1% /dev/shm
    tmpfs          1001366    513 1000853    1% /run
    tmpfs          1001366     13 1001353    1% /sys/fs/cgroup
    tmpfs          1001366      1 1001365    1% /run/user/0
    tmpfs          1001366      1 1001365    1% /run/user/988
    Thanks also for the search terms, I really wasn't sure where to start. I did look at ownership for this file and it shows for the user I am having the issue with and following permissions:

    Code:
    -rw-r--r-- 1 MYUSER      MYSUSER           0 Dec  7 03:03 lock103218.txt
    I also ran securetmp script.

    I believe that seemed to fix the issue. NewRelic had a seizure but we worked it out. I looked through the various google search, but still am unsure of what "lock103218.txt" is. Is this safe to delete? Is it related to me being in the directory?

    Thanks for your help so far!
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,427
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    It's difficult to know for sure the purpose or source of that file . You could review the scripts uploaded to the account of the username it's associated with to see if any of them are writing files to the /tmp directory. Deleting it shouldn't cause any problems as it's stored in the /tmp partition and is an empty file.

    Thank you.
     
Loading...

Share This Page