|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #67244 Wrong owner:group for listening unix socket
Submitted: 2014-05-11 07:49 UTC Modified: 2023-01-13 10:35 UTC
Avg. Score:4.0 ± 0.7
Reproduced:4 of 4 (100.0%)
Same Version:1 (25.0%)
Same OS:3 (75.0%)
From: bugs-php at antipoul dot fr Assigned: bukka (profile)
Status: Closed Package: FPM related
PHP Version: 5.5.12 OS: Linux
Private report: No CVE-ID: None
 [2014-05-11 07:49 UTC] bugs-php at antipoul dot fr
After upgrading to 5.5.12 that fixes #67060, my FPM instances (I have two of them) since to be unreachable from my nginx web server.
I am using unix socket to communicate between nginx and fpm.
The sockets belong to root:root, which is NOT what is configured:

  user = www-data
  group = www-data

This are the settings for the running process, but later in the file, it says the following:
  ; Set permissions for unix socket, if one is used. In Linux, read/write
  ; permissions must be set in order to allow connections from a web server. Many
  ; BSD-derived systems allow connections regardless of permissions.
  ; Default Values: user and group are set as the running user

Unfortunately, sockets are created with root:root ownership.

The workaround is to modify the listen.owner or the directive.

Moreover, if I have the following configuration:
  user = www-data
  group = nas
  listen.owner = www-data

Then the socket is created with www-data:www-data ownership. This should be www-data:nas

See the www.conf ( and cloud.conf (


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2014-05-11 23:12 UTC] peter dot mescalchin at gmail dot com
Yeah this is somewhat related to my ticket basically the permissions for the socket have changed from 0666 to 0660 as of 5.5.12.

What I think has been happening in your case:

- The socket was always being created as root:root
- Since the socket WAS 0666 any process could hook into it (e.g. Nginx)
- Now that's no longer the case.

Also the comments around "Default Values: user and group are set as the running user" is a little confusing - it's NOT the user that the php-fpm childs will run as (user=/group=) but the user that starts the php-fpm daemon - which if from upstart/init.d/systemd will typically be root (and a good choice).

In your final example it's working as expected - the default group for the www-data user is www-data so it's using that. There is zero interaction between (user=/group=) and (listen.owner=/ settings.

In the end this all boils down to improvements in both PHP documentation and comments in php-fpm.conf. I have submitted a change to the PHP docs (to say that default is 0660 - not committed yet) - php-fpm.conf has some changes coming for PHP 5.6, but maybe this confusion you have here could be better explained.
 [2014-05-12 09:25 UTC] bugs-php at antipoul dot fr
In the commented file packaged by Debian, the default chmod is correct (0660).

But the other comment, regarding the owner of the unix socket is plainly wrong.

It could be modified, but I liked the idea where it just copies the settings from user/group. If the worker from FPM is run with a particular user/group, then the socket should belong to it…
 [2014-05-30 15:10 UTC] carl dot george at rackspace dot com
I agree that the comment is misleading.  Please clarify this in all versions, not just 5.6.
 [2019-08-28 12:19 UTC] bernard+php at rosset dot net
The misleading comment is still there, more than 5 years later. Reviewing old configurations I thought those listen.owner & directives were extraneous... which they were not.

Any hope to have those directives' comment fixed anytime soon?
 [2023-01-13 10:34 UTC]
Automatic comment on behalf of bukka
Log: Fix bug #67244: Wrong owner:group for listening unix socket
 [2023-01-13 10:34 UTC]
-Status: Open +Status: Closed
 [2023-01-13 10:35 UTC]
-Assigned To: +Assigned To: bukka
 [2023-01-13 10:35 UTC]
Thanks for the report and apology for taking so long to fix it. I have updated the comments so hopefully it all makes more sense now.
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu May 30 11:01:31 2024 UTC