I have recently run into issues with a PHP script not being able to create folders due to access rights issues. Our hosting company told me I should consider switching from DSO to Ruid2. I don't know too much about Linux (CentOS), but reading up convinced me that the switch should not cause any noticable downsides.
However, after switching, users complained they could not log in (session_start
failed due to access denied). I noticed strange behaviours, like being able to log in only in "incognito/private mode". We switched back in a hurry. Today it dawned on me that PHP might have been running under a new user and tried to access old session files created as another user, for users who still had the cookie.
Is that correct? Because then I'd switch to Ruid2 again and, this time, delete all session files in /tmp and not expect any problem.