ScaleScaleScaleScale

Tips / Nginx


php5-fpm.sock failed (13: Permission denied) error

I recently upgraded some PHP packages on an Cloud VPS server and since that I noticed some errors on the hosted websites. The first thing I noticed was a 502 Gateway timeout error. And after reviewing the logs I found this:

[crit] 2963#0: *138 connect() to unix:/tmp/php5-fpm.sock failed (13: Permission denied) while connecting to upstream

The first thing I did to get the websites up and running asap was this:

Edit /etc/php-fpm.d/www.conf

nano -w /etc/php-fpm.d/www.conf

And set the listen line to look as follows:

listen = 127.0.0.1:9000

Then I switched back to :9000 port at PHP-FPM configuration and at each nginx virtual host configuration altering:

fastcgi_pass   unix:/tmp/php5-fpm.sock;

to be

fastcgi_pass 127.0.0.1:9000;

Reloaded nginx and php-fpm and the web was finally working.

But why php-fpm socket was failing?

And the problem was pretty simple: file permissions & owner.

What was the cause of the problem?

When I updated this php* packages, something changed and since that the php-fpm socket was created with this file permissions and owner:

[root@node3.server.com:~]ls -ahl /tmp/php5-fpm.sock 
srw-rw---- 1 root root 0 May  6 08:08 /tmp/php5-fpm.sock

That was the reason Nginx was not able to connect to the php-fpm socket.

In order to fix the php5-fpm.sock failed error follow these instructions

1) Make sure your virtual hosts nginx (.conf) files are using fastcgi_pass unix:/tmp/php5-fpm.sock; at the php-fpm configuration.

2) Edit nginx.conf file and make sure this variable is as follow:

user  nginx;

3) Edit /etc/php-fpm.d/www.conf file and set this variables as you see below:

listen = /tmp/php5-fpm.sock
listen.owner = nginx
listen.group = nginx

4) Reload your services:

service nginx reload
service php-fpm reload

All done, your websites now shouldn’t face any more 502 permission/owner issues because the socket has the same group as Nginx:

[root@node3.server.com:~]ls -ahl /tmp/php5-fpm.sock 
srw-rw---- 1 nginx nginx 0 May  6 08:08 /tmp/php5-fpm.sock

At this point, if you are still facing 502 Gateway timeout issues, check out this other post:

502 Bad Gateway Error

Popular search terms:

  • HowtoFixphp5-fpm sockfailed(13:Permissiondenied)error
  • unix:/var/run/php-fpm-errorpages sock
  • drupal8 php-fpm file permissions
  • php 5 6 fpm sock failed
profile

Esteban Borges

Linux Geek, Webperf Addict, Nginx Fan. CTO @Infranetworking

  • wynni

    I had the same trouble after upgrading php. I changed the permission on the /var/run/vhost.conf (debian) with the command chmod 0666, and added listen.mode = 0666 in the vhost.conf file.
    But I think this is a security risk. I don`t want to change the owner. I have for each vhost a linux user and this user is set in the config file.
    How do you manage this with different vhosts?
    So far I always used apache with suexec and fast-cgi.
    Thx
    Wynni

  • admin

    You don’t need to use 0666 on vhost.conf file. And even on the php5-fpm socket you don’t need to use 0666, I don’t do it, check out the file permissions in my example:

    [root@node3.server.com:~]ls -ahl /tmp/php5-fpm.sock
    srw-rw—- 1 nginx nginx 0 May 6 08:08 /tmp/php5-fpm.sock

    Regards

  • wynni

    Sorry for my bad english, but I mean 0666 on the /var/run/vhost.sock.
    For each vhost I have his own linux user.
    I would like to run the vhost.sock with the respective user. Bevor I updated, it still worked fine.
    I don’t know, am I totally wrong doing so?

  • Kai

    I did the steps but could not change the root becomes nginx 🙁
    can only be changed to nobody and website don’t work 🙁

  • Roman

    Fixed by changing this line in /etc/php5/fpm/pool.d/www.conf (Debian)
    listen.mode = 0666

  • admin

    @wynni

    If you use nginx as user and group owner of the socket, and use nginx as user of Nginx webserver (defined at nginx.conf) there is no need to use 0666 permissions.

    @Roman

    Thanks for that!

    Regards.

  • Christopher Venning

    Thank you, this solved my problem, but I have a question: how do I located the log files that contain the original Permission denied error? I don’t see it in /var/log/nginx/ or /var/log/php-fpm/ or anywhere else that I can think of? (Running in CentOS 6.5)

    Thanks again.

  • Anonyme

    Thanks very much. You ust saved my weekend! Thanks.

    My website fell after the update php. I added these 2 lines in my pool

    “listen.owner = my_user
    listen.group = my_user”

    and it rolls

    • jloomb

      same…… just wish i had found it earlier

      • jloomb

        oh yeah…… THANKS 🙂

  • Deepak

    Thank you so much. It helped.
    After realising that “telnet localhost 9000” is not working I re-installed php-fpm service.
    Then applied these changes and it worked.

  • Karim

    Thank you! That helped. Nevertheless it’s just gross to break the fpm-package like this during an update.. I’m disappointed.

  • IMHO if the pbm is only the ownership of the php-fpm-sock after an update you just need to change the owner with the right nginx user instead of root. (don’t neet to overwrite your conf)

  • Phil

    Thanks for posting this, you’re a lifesaver!

  • Improcket

    Thank you very much. I used it with php7 in /etc/php/7.0/fpm/pool.d/www.conf.

  • Federico Bruni

    For those who are running a web server with an user different from apache or nginx, beware of this settings in http://www.conf:

    ; When POSIX Access Control Lists are supported you can set them using
    ; these options, value is a comma separated list of user/group names.
    ; When set, listen.owner and listen.group are ignored
    listen.acl_users = apache,nginx

    So add your user there and forget listen.owner and listen.group.