Re: Permissions on UNIX domain sockets
B.R. <reallfqq-debian@yahoo.fr> wrote:
> Nginx spawns its worker processes with the user 'nginx' who belongs
> to the 'www-data' group. But when Nginx tried to bind on the PHP-FPM
> socket, it encountered a 'permission denied' error.
Is the primary group for the nginx user "www-data" or something
else? Sometimes when a program changes its userid it doesn't assign the
non-default groups (see the getgroups(2) system call).
> The only workaround I found was to spawn the PHP-FPM UNIX socket with
> the 'nginx' user as owner (and thus restricting mode to 0600). The
> group permissions are now useless.
Try setting the group owner for the socket to be the primary group
(as listed in /etc/passwd) for nginx.
> One of my friend told me it was a genuine behavior of Debian but didn't
> explain it to me.
Just because it does the same for your friend does not mean it's the
correct behaviour. You might want to file a bug report against the nginx
package, and if the Debian maintainer can confirm it's the same upstream
they'll take it back to the developers.
Chris
Reply to: