Home / server / Questions / 777994
Accepted
julio
Asked: 2016-05-21 04:28:52 +0800 CST

Permission Denied for fastcgi_pass using PHP7

  • 772

I'm running LEMP with PHP7.0.

I've got this in my server block

fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;

But when I open the site, it returns a 502 Bad Gateway. Below is the error log.

*1 connect() to unix:/var/run/php/php7.0-fpm.sock failed (13: Permission denied) while connecting to upstream, client: xxx.xxx.xxx.xxx, server: example.com, request: "GET / HTTP1.1", upstream: "fsatcgi://unix:/var/run/php/php7.0-fpm.sock:", host: "example.com"

It says Permission Denied. What's wrong here? I've checked but I can't seem to find what needs to be given what kind of permission.

Thank you.

php nginx php7

5 Answers

  1. Best Answer

    I got it working.

    The php user was www-data but the nginx user was nginx.

    Check php here: /etc/php/7.0/fpm/pool.d/www.conf

    listen.owner = www-data
listen.group = www-data
listen.mode = 0660

    Nginx user was at /etc/nginx/nginx.conf

    This guided me: https://stackoverflow.com/questions/23443398/nginx-error-connect-to-php5-fpm-sock-failed-13-permission-denied

    • 40

  2. I have fixed same issue by taking following steps.

    Open your www.conf files (Example : sudo nano /etc/php-fpm.d/www.conf) Lastly, find the lines that set the listen.owner and listen.group and change their values from "nobody" to "nginx":

    listen.owner = nginx
listen.group = nginx
listen.mode = 0660

    Lastly, find the lines that set the user and group and change their values from "apache" to "nginx":

    user = nginx
group = nginx

    Restart php-fpm (sudo service php-fpm restart)

    • 8 
  3. vim /etc/php-fpm.d/www.conf
change in this way
;listen.owner = root
;listen.group = root
;listen.owner = nobody
;listen.group = nobody

listen.owner = nginx
listen.group = nginx 

service php-fpm restart
service nginx restart

CentOS release 6.9 (Final)
    • 2

  4. Please NOTICE (at least in centos 8) the user who you are assigning listen.owner and other stuff to it MUST be in the same POOL with the user for example given I am the foo user

    [www] # WRONG | IN MY CASE I WAS UNDER www POOL SO IT WASNT WORKING FOR ME.
[foo] # CORRECT | THE POOL AND THE USER MATCHES.

listen.owner = foo
listen.group = foo
listen.mode = 0660
user = foo
group = foo

    I dont know if there's a global pool but after hours of searching I finlly did it.

    • 0

  5. Make sure the user for the run nginx-process has permission for access to php-fpm socket.

    So there is my configuration on the AWS.

    I guess run php-process and nginx-pool as your user, not as root user.

    php-socket-own

    nginx-config-user-run-pool

    • 0