Comment 0 for bug 1352617

Thomas Ward (teward) wrote : php5-fpm UNIX sockets do not listen as www-data:www-data, cause 502s with webservers trying to use socket

*** NOTE: This only affects Precise based on my testing. ***

A security change to make the FPM listener have permissions 0660 has introduced an issue in Precise with how the socket is created. While this was resolved in later versions as part of Bug #1334337 (including in Trusty), this bug remains in Precise.

If a user changes the /etc/php5/fpm/pool.d/www.conf file's `listen` directive to `/var/run/php5-fpm.sock` (as an example), that socket file is created with owner and group of root:root. This means that the regression identified in Bug #1334337 still exists in Precise, even if this only affects customized configurations. When this happens, other web servers which run as www-data for their workers will be attempting to reach something that is owned by root:root, which (in nginx) will result in HTTP 502 Bad Gateway errors as "Permission Denied" errors.

The solution is to uncomment the `listen.owner` and `listen.group` directives in the www.conf file that ships with the package. With those changes, the socket is created as www-data:www-data instead of root:root.

I will attach a patch/debdiff later that may provide a resolution for this issue.

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: php5-fpm 5.3.10-1ubuntu3.13
Uname: Linux 2.6.32-042stab090.5 x86_64
ApportVersion: 2.0.1-0ubuntu17.6
Architecture: amd64
Date: Mon Aug 4 20:43:30 2014
MarkForUpload: True
ProcEnviron:
 TERM=xterm
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 LC_MESSAGES=POSIX
 SHELL=/bin/bash
SourcePackage: php5
UpgradeStatus: No upgrade log present (probably fresh install)
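
The condition described in the report can be checked mechanically. The following is an added example, not part of the original bug comment or the php5 package: a shell audit that reads a pool file and flags a UNIX-socket `listen` with `listen.owner`/`listen.group` still commented out. The function names (`pool_get`, `check_pool_socket`, `write_sample`) are hypothetical and the sample pool file is constructed.

```shell
#!/bin/sh
# Print the value of an active (uncommented) directive; empty if absent.
pool_get() {    # $1 = directive name, $2 = pool file
    awk -v key="$1" '
        /^[ \t]*;/ { next }                    # commented-out directive
        {
            eq = index($0, "=")
            if (eq == 0) next                  # section header or blank line
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v              # exact key: "group" != "listen.group"
        }
        END { print val }' "$2"
}

# Return 0 = fine, 1 = UNIX socket without listen.owner/listen.group, 2 = no listen.
check_pool_socket() {
    conf=$1
    listen=$(pool_get listen "$conf")
    owner=$(pool_get listen.owner "$conf")
    group=$(pool_get listen.group "$conf")
    [ -n "$listen" ] || { echo "no active listen directive in $conf"; return 2; }
    case $listen in
        /*) ;;                                  # absolute path: UNIX socket
        *)  echo "listen=$listen is TCP; socket ownership does not apply"; return 0 ;;
    esac
    if [ -z "$owner" ] || [ -z "$group" ]; then
        echo "listen=$listen without listen.owner/listen.group (root:root per the report)"
        return 1
    fi
    echo "listen=$listen will be owned by $owner:$group"
}

# Constructed sample: a pool file in the state the report describes.
write_sample() {
    cat > "$1" <<'EOF'
[www]
user = www-data
group = www-data
listen = /var/run/php5-fpm.sock
;listen.owner = www-data
;listen.group = www-data
EOF
}

tmp=$(mktemp)
write_sample "$tmp"
check_pool_socket "$tmp" || echo "-> uncomment listen.owner and listen.group"
rm -f "$tmp"
```

To audit a real system, call `check_pool_socket /etc/php5/fpm/pool.d/www.conf` in place of the constructed sample.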