php.ini locked as read only even for root

  apache, linux, php, ubuntu

I will give some background first. I have several websites that I am running on Ubuntu 20.04 Server. I also have another computer running Kali Linux. When I used OWASP ZAP from the Kali Linux computer to check all of my websites, it gave me some flags for the sites:

Cookie No HttpOnly Flag
Cookie Without Samesite Attribute
X-Content-Type-Options Header Missing

So, I wanted to edit my php.ini file and change the following (will deal with headers later):
session.cookie_httponly = 1
session.cookie_samesite = Lax

When I try to edit my php.ini file, I get the message that the php.ini file is read only; even when trying to edit as root.

Here is what I have done and found.

I am running:
Ubuntu 20.04 Server
Apache 2.4
php 7.4

Everything is updated/upgraded.

I tried:
sudo vi /etc/php/7.4/apache2/php.ini and got a warning saying that php.ini was read only.

Also tried sudo nano /etc/php/7.4/apache2/php.ini and got same warning

ls -l php.ini produces -rw-r–r– 1 root root 73053

I then switched to root using su root and ran vi /etc/php/7.4/apache2/php.ini still gives warning of read only.

Running as root, I then tried chmod 655 /etc/php/7.4/apache2/php.ini and it gave me the: chmod: changing permissions of ‘/etc/php/7.4/apache2/php.ini’: Operation not permitted

I tried cd /etc/php/7.4/apache2 and then ls command. This produced:
conf.d php.ini php.ini~ php.iny~ php.inz~

I tried editing php.ini~ file and was able to edit it.

Used systemctl restart apache2 which successfully restarted apache

Ran OWASP ZAP again; still same flags.

I then ran the following command:
php -i | grep ‘Configuration File’ this produced:

Configuration File (php.ini) Path => /etc/php/7.4/cli
Loaded Configuration File => /etc/php/7.4/cli/php.ini

I then edited this file: vi /etc/php/7.4/cli/php.ini

I was able to edit this file and then restart apache.

After running OWASP ZAP again, I still get the warnings.

I was wondering if someone had an idea of what I am missing. Maybe all my /etc files are read only?


Source: Ask PHP