Php unix socket permission denied

Permission Denied for fastcgi_pass using PHP7

It says Permission Denied. What’s wrong here? I’ve checked but I can’t seem to find what needs to be given what kind of permission. Thank you.

5 Answers 5

The php user was www-data but the nginx user was nginx .

Check php here: /etc/php/7.0/fpm/pool.d/www.conf

listen.owner = www-data listen.group = www-data listen.mode = 0660 

Nginx user was at /etc/nginx/nginx.conf

You can change nginx to use www-data user, or, as I did, add nginx user to the www-data group using sudo usermod -a -G www-data nginx

I have fixed same issue by taking following steps.

Open your www.conf files (Example : sudo nano /etc/php-fpm.d/www.conf) Lastly, find the lines that set the listen.owner and listen.group and change their values from «nobody» to «nginx»:

listen.owner = nginx listen.group = nginx listen.mode = 0660 

Lastly, find the lines that set the user and group and change their values from «apache» to «nginx»:

Restart php-fpm (sudo service php-fpm restart)

listen.mode = 0666 — This is a massive security vulerability and exposes all data in the socket to all users.

vim /etc/php-fpm.d/www.conf change in this way ;listen.owner = root ;listen.group = root ;listen.owner = nobody ;listen.group = nobody listen.owner = nginx listen.group = nginx service php-fpm restart service nginx restart CentOS release 6.9 (Final)

Welcome on the site! It is an unexplained config snippet, I can’t see how would it answer the question.

Please NOTICE (at least in centos 8) the user who you are assigning listen.owner and other stuff to it MUST be in the same POOL with the user for example given I am the foo user

[www] # WRONG | IN MY CASE I WAS UNDER www POOL SO IT WASNT WORKING FOR ME. [foo] # CORRECT | THE POOL AND THE USER MATCHES. listen.owner = foo listen.group = foo listen.mode = 0660 user = foo group = foo 

I dont know if there’s a global pool but after hours of searching I finlly did it.

Источник

php-fpm.sock failed (13 permission denied) – Fix it now

Are you seeing php-fpm.sock failed (13 permission denied) error in web server logs? We’ll help you fix it.

Often bad permissions or unavailability of the PHP-FPM handler results in these website errors.

Thus web server will not be able to communicate with the PHP FastCGI Process Manager or FPM.

At Bobcares, we resolve PHP-FPM errors as part of our Server Management Services.

Today, we’ll see how we resolve php-fpm.sock failed error and make websites working.

Where do we see php-fpm.sock failed (13 permission denied) error?

PHP FastCGI Process Manager (PHP-FPM) is a popular way of handling PHP pages. It allows a website to handle high loads. And, it works very well with high traffic websites too.

Usually, the php-fpm socket failure errors show up in the web server error logs as:

[crit] 4596#0: *138 connect() to unix:/tmp/php-fpm.sock failed (13: Permission denied) while connecting to upstream

On the website page, this would result in errors like 502 Bad Gateway or 503 Service Temporarily Unavailable.

Top causes for php-fpm.sock failed (13 permission denied) error

In general, PHP-FPM maintains a set of pools. These pools are workers available to respond to PHP requests. They will only execute PHP scripts as per the web server’s request. Finally, it sends the result back to the webserver. Thus, enabling PHP-FPM to service content will be quicker than usual methods.

However, when the webserver cannot communicate with the FPM handler, it eventually results in website errors.

Now, let’s see the top reasons for the PHP FPM socket failure.

Permission errors

One of the common reasons for the PHP FPM failure will be related permissions. When the permissions are wrong, the Apache or Nginx server will not be able to connect to the FPM daemon.

Recently, when a customer updated the PHP packages on his server, it reset the permissions of the files. The php-fpm socket was created with wrong ownership. Thus, the Nginx was not able to connect to the php-fpm socket.

The correct socket file permissions should be 0660

Often, extended access control lists also restrict access to the directory in which the socket lies. Thus, it makes php-fpm inaccessible for the web user.

Failed PHP-FPM service

Similarly, a failure in the PHP FPM service also can cause php-fpm.sock failed (13 permission denied) error.

In a cPanel server, a failed status of the cpanel_php_fpm status shows up as:

Support Engineers fix the PHP FPM socket errors and make website working.

PHP-FPM status

We begin by checking the status of the FPM status. On a cPanel server, we check it by using the command:

service cpanel_php_fpm status

If it is not running, we simply restart it.

/scripts/restartsrv_cpanel_php_fpm --stop /scripts/restartsrv_cpanel_php_fpm --start

Next, we check the error logs at /usr/local/cpanel/logs/php-fpm/error.log

It will show up any type of configuration errors. We correct these errors and make fpm running again. Here, we also check the memory usage of the server. Then add more memory in case of any resource constraints.

Correcting permissions of the socket

To fix the permissions of the socket file on an Nginx server, we did the following steps.

Edited the /etc/php-fpm.d/www.conf file and corrected these variables:

listen = /tmp/php7-fpm.sock listen.owner = nginx listen.group = nginx

Here, the webserver was running under the user nginx. So we set the php-fpm user as nginx itself. Then, we saved the file and restarted PHP FPM

sudo service php7-fpm restart

This corrected the permissions on the socket file.

[root@my.server.com:~]ls -ahl /tmp/php7-fpm.sock srw-rw---- 1 nginx nginx 0 Apr 6 08:08 /tmp/php7-fpm.sock

Finally, the website started working again.

[Need help to fix PHP FPM errors? We are available 24×7.]

Conclusion

In short, php-fpm.sock failed (13 permission denied) error happens due to incorrect PHP FPM configuration or service failure. Today, we saw how our Support Engineers fix the socket permissions and make the websites working.

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

Источник

nginx and php-fpm socket owner

1 connect() to unix:/var/run/php-fcgi-vhostname-php-fcgi-0.sock failed (13: Permission denied) while connecting to upstream, client: xx.xxx.xx.xx, server: localhost, request: «GET / HTTP/1.1», upstream: «fastcgi://unix:/var/run/php-fcgi-vhostname-php-fcgi-0.sock:», host: «xx.xx.xx.xx»

The problem is caused by bad permissions of the php-fpm sockets used, in fact I see /var/run/php-fcgi.sock owned by root:root but nginx and php-fpm use as user www-data . I’ve already edited the php-fpm config at /etc/php-fpm.d/www.conf with:

listen.owner = www-data listen.group = www-data listen.mode = 0660 

but it doesn’t solve the problem and when i restart nginx and php-fpm the sockets are created with root:root as user/group. The only way I’ve found to fix it is to change the owner of the sockets to www-data:www-data manually. But this is not a real solution because everytime I restart my services I’ve to apply it again. How can I fix this problem? I’m on CentOS 6.5

Edit:

I use Ajenti-V to configure my vhosts and my PHP-FPM. It creates a new socket for each website/vhost, and them are set in /etc/php-fpm.conf They have this structure:

[vhostname-php-fcgi-0] user = www-data group = www-data listen = /var/run/php-fcgi-vhostname-php-fcgi-0.sock pm = dynamic pm.max_children = 5 pm.start_servers = 1 pm.min_spare_servers = 1 pm.max_spare_servers = 5 

listen.owner = www-data listen.group = www-data listen.mode = 0666 

Everything works correctly. So looks like the www.conf is not included (maybe?). This is my php-fpm.conf:

[global] pid = /var/run/php-fpm/php-fpm.pid error_log = /var/log/php5-fpm.log [global-pool] user = www-data group = www-data listen = /var/run/php-fcgi.sock pm = dynamic pm.start_servers = 1 pm.max_children = 5 pm.min_spare_servers = 1 pm.max_spare_servers = 5 [vhostname-php-fcgi-0] user = www-data group = www-data listen = /var/run/php-fcgi-vhostname-php-fcgi-0.sock pm = dynamic pm.max_children = 5 pm.start_servers = 1 pm.min_spare_servers = 1 pm.max_spare_servers = 5 

Источник

PHP socket_connect() Permission Denied

The Client actually get’s called from an AJAX request from a webpage in which it should connect to the server, grab some data, and then return that data back to the webpage. The ajax request is made in javascript. I’ve tested the client/server connection without the AJAX request and it works, but as soon as I attempt it with AJAX through the webpage the client returns «socket_connect() failed, reason: Permission denied» from the echo statement in the script. Maybe there is some little oversight I’m missing? I assume that Ajax is being called through httpd (apache). I’m sure it’s probably some type of file permission thing but I can’t figure out exactly what is causing it. Things I’ve tried thus far, Made sure safe_mode was off in php.ini, tried «setsebool -P httpd_can_network_connect on» to attempt to thwart SElinux, also tried «setenforce 0» which made no difference either. I tried changing the file permissions of /tmp and all subdirectories to 777 to no avail. I’m running out of ideas and thought maybe somebody had seen this issue before, I also looked at this, which is the file that my server is creating ->

[root@ip-000-000-000-000 tmp]# ls -lZa connection srwxr-xr-x. root root unconfined_u:object_r:user_tmp_t:s0 connection 

function communication (IP, MechanismID, CommandName) < $.post('php/connectDisconnect.php', < IP : IP, MechanismID : MechanismID, CommandName : CommandName >, function(data) < if(data.search("Error") != -1) alert(data); >); > 

Источник