Permission Denied for fastcgi_pass using PHP7

Question

I'm running LEMP with PHP7.0.

I've got this in my server block

fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;

But when I open the site, it returns a 502 Bad Gateway. Below is the error log.

*1 connect() to unix:/var/run/php/php7.0-fpm.sock failed (13: Permission denied) while connecting to upstream, client: xxx.xxx.xxx.xxx, server: example.com, request: "GET / HTTP1.1", upstream: "fsatcgi://unix:/var/run/php/php7.0-fpm.sock:", host: "example.com"

It says Permission Denied. What's wrong here? I've checked but I can't seem to find what needs to be given what kind of permission.

Thank you.

score 40 · Accepted Answer · edited May 23 '17 at 12:41

40

I got it working.

The php user was www-data but the nginx user was nginx.

Check php here: /etc/php/7.0/fpm/pool.d/www.conf

listen.owner = www-data
listen.group = www-data
listen.mode = 0660

Nginx user was at /etc/nginx/nginx.conf

This guided me: https://stackoverflow.com/questions/23443398/nginx-error-connect-to-php5-fpm-sock-failed-13-permission-denied

edited May 23 '17 at 12:41

Community

1

answered May 20 '16 at 12:52

julio

894
1
9
13

12

You can change nginx to use _www-data_ user, or, as I did, add _nginx_ user to the _www-data_ group using `sudo usermod -a -G www-data nginx` – chech Jan 04 '17 at 23:27

Nanhe Kumar · Answer 2 · 2019-02-27T06:30:28.830

8

I have fixed same issue by taking following steps.

Open your www.conf files (Example : sudo nano /etc/php-fpm.d/www.conf) Lastly, find the lines that set the listen.owner and listen.group and change their values from "nobody" to "nginx":

listen.owner = nginx
listen.group = nginx
listen.mode = 0660

Lastly, find the lines that set the user and group and change their values from "apache" to "nginx":

user = nginx
group = nginx

Restart php-fpm (sudo service php-fpm restart)

edited Feb 27 '19 at 06:30

answered Mar 08 '17 at 16:52

Nanhe Kumar

409
4
6

8

**listen.mode = 0666** - This is a massive security vulerability and exposes all data in the socket to all users. – NotoriousPyro Apr 25 '17 at 07:43
@ NotoriousPyro may be you have good solution share here – Nanhe Kumar Jul 16 '21 at 16:07
The solution is don't use 0666 – NotoriousPyro Jul 17 '21 at 17:10

score 2 · Answer 3 · answered Apr 27 '17 at 00:06

2

vim /etc/php-fpm.d/www.conf
change in this way
;listen.owner = root
;listen.group = root
;listen.owner = nobody
;listen.group = nobody

listen.owner = nginx
listen.group = nginx 

service php-fpm restart
service nginx restart

CentOS release 6.9 (Final)

answered Apr 27 '17 at 00:06

Gabo Ram

31
1

2

Welcome on the site! It is an unexplained config snippet, I can't see how would it answer the question. – peterh Apr 27 '17 at 00:36

score 0 · Answer 4 · answered Nov 24 '20 at 18:39

Please NOTICE (at least in centos 8) the user who you are assigning listen.owner and other stuff to it MUST be in the same POOL with the user for example given I am the foo user

[www] # WRONG | IN MY CASE I WAS UNDER www POOL SO IT WASNT WORKING FOR ME.
[foo] # CORRECT | THE POOL AND THE USER MATCHES.

listen.owner = foo
listen.group = foo
listen.mode = 0660
user = foo
group = foo

I dont know if there's a global pool but after hours of searching I finlly did it.

score 0 · Answer 5 · answered Jul 17 '21 at 03:19

0

Make sure the user for the run nginx-process has permission for access to php-fpm socket.

So there is my configuration on the AWS.

I guess run php-process and nginx-pool as your user, not as root user.

php-socket-own

nginx-config-user-run-pool

answered Jul 17 '21 at 03:19

Dylan Ngo

1
2

Permission Denied for fastcgi_pass using PHP7

5 Answers5