Description of problem: After updating php to 5.5.12 version stop working accesing from nginx to unix socket #content of file /etc/php-fpm.d/mikhail.conf [crmdev] listen = /var/run/php-fpm/crmdev.sock user = mikhail group = mikhail pm = dynamic pm.max_children = 50 pm.start_servers = 5 pm.min_spare_servers = 5 pm.max_spare_servers = 35 ;slowlog = /var/www/mikhail/logs/php-fpm-slow.log ;php_admin_value[error_log] = /var/www/mikhail/logs/php-fpm-error.log php_admin_flag[log_errors] = on ; Set session path to a directory owned by process user php_value[session.save_handler] = files php_value[session.save_path] = /tmp php_value[soap.wsdl_cache_dir] = /tmp #content of file /etc/nginx/conf.d/localhost.conf server { if ($request_method !~ ^(GET|POST)$ ) { return 200; } listen 80; server_name localhost; root /home/mikhail/www; error_log /home/mikhail/logs/nginx_error.log; access_log /home/mikhail/logs/nginx_access.log; location / { index index.php index.html index.htm; } #pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 location ~ \.php$ { fastcgi_pass unix:/var/run/php-fpm/crmdev.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } }
# ss -lp | grep php u_str LISTEN 0 128 /var/run/php-fpm/crmdev.sock 705591 * 0 users:(("php-fpm",pid=14178,fd=0),("php-fpm",pid=14177,fd=0),("php-fpm",pid=14176,fd=0),("php-fpm",pid=14175,fd=0),("php-fpm",pid=14174,fd=0),("php-fpm",pid=14173,fd=8))
To fix CVE-2014-0185, the Unix socket default permission have change (from 0666 to 0660). You have to set it using "listen.mode" (or change nginx / fpm user / group). Notice : - default configuration use network socket; so is not affected - explained on https://admin.fedoraproject.org/updates/FEDORA-2014-5960
I add listen.owner = nginx listen.group = nginx in file /etc/php-fpm.d/mikhail.conf and it solve this problem