
php-fpm not running as user specified in pool [Resolved]

I have an Ubuntu 18.04 web server with nginx and php-fpm (7.2) installed.

There are 6 pools, each with their own user and group:

/etc/php/7.2/fpm# grep -r ^user * 
php.ini:user_dir =
pool.d/dev3.website.com.conf:user = dev3_app
pool.d/dev1.website.com.conf:user = dev1_app
pool.d/dev4.website.com.conf:user = dev4_app
pool.d/dev6.website.com.conf:user = dev6_app
pool.d/dev5.website.com.conf:user = dev5_app
pool.d/dev2.website.com.conf:user = dev2_app

/etc/php/7.2/fpm# grep -r ^group * 
pool.d/dev3.website.com.conf:group = dev3_app
pool.d/dev1.website.com.conf:group = dev1_app
pool.d/dev4.website.com.conf:group = dev4_app
pool.d/dev6.website.com.conf:group = dev6_app
pool.d/dev5.website.com.conf:group = dev5_app
pool.d/dev2.website.com.conf:group = dev2_app

Each site runs a Laravel app, with the storage directory made group writable:

/var/www/dev3.website.com# ls -la
total 2236
drwxr-xr-x  20 root dev3_app    4096 Jul 17 21:39 .
drwxr-xr-x   9 root root        4096 Jul 17 21:33 ..
...
drwxrwxr-x   7 root dev3_app    4096 Jul 17 21:29 storage

nginx connects via TCP port:

server {
    listen         80;
    server_name    dev3.website.com;

    root /var/www/dev3.website.com/public;
    index index.php index.html index.htm;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ [^/]\.php(/|$) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        if (!-f $document_root$fastcgi_script_name) {
            return 404;
        }

        fastcgi_pass 127.0.0.1:9001;
        fastcgi_index index.php;

        # include the fastcgi_param setting
        include fastcgi_params;

        # SCRIPT_FILENAME parameter is used for PHP FPM determining
        #  the script name. If it is not set in fastcgi_params file,
        # i.e. /etc/nginx/fastcgi_params or in the parent contexts,
        # please comment off following line:
        fastcgi_param  SCRIPT_FILENAME   $document_root$fastcgi_script_name;
    }
}

With this configuration I get

The stream or file "/var/www/dev3.website.com/storage/logs/laravel-2019-07-17.log" could not be opened: failed to open stream: Permission denied

When I run chmod a+w on the storage directory it works.

I have also run ps -ef |grep php:

root      2468     1  0 00:53 ?        00:00:05 php-fpm: master process (/etc/php/7.2/fpm/php-fpm.conf)
root     11897 10961  0 22:12 pts/0    00:00:00 grep --color=auto php 

Question Credit: jdog
Asked July 18, 2019
1 Answers

I suspect that it is running the "master process" as the root user but for each of the pools it runs the "worker" processes as the specified user. This is further supported by the fact that you had to chmod the logs directory in order to get it to work.

A troubleshooting step you could take is to have one of the sites write a file to /tmp/test and then check to see what user owns it.

You could also write a loop that sleeps for a couple of minutes inside one of the pools and then run your ps -ef | grep php command to see if the "master process" has spawned a process as the user you expect.


credit: varlogtim
Answered July 18, 2019
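The check suggested in the answer can be automated by comparing each pool's configured user with the user its worker processes actually run as. This is an added example, not part of the original question or answer; the function names, the pool section names ([dev1], [dev3], [dev5]) and the ps lines are constructed sample data.

```bash
#!/usr/bin/env bash
# Added example. Pool names and ps lines below are constructed sample data.
# On a real host:  ps -eo user:32,args > /tmp/ps.txt
#                  audit_pools /etc/php/7.2/fpm/pool.d /tmp/ps.txt

# Print "pool user" for each [pool] section in DIR/*.conf.
# The anchored pattern skips look-alike keys such as php.ini's user_dir.
pool_users() {
    awk '
        /^\[/          { gsub(/\[|\]/, ""); pool = $1 }
        /^user[ \t]*=/ { sub(/^user[ \t]*=[ \t]*/, ""); print pool, $1 }
    ' "$1"/*.conf
}

# Print "pool expected status" per pool; status is OK, NO_WORKERS or
# MISMATCH:<observed users>. Workers carry the title "php-fpm: pool NAME".
audit_pools() {
    pool_users "$1" | while read -r pool expected; do
        observed=$(awk -v p="$pool" \
            '$2 == "php-fpm:" && $3 == "pool" && $4 == p { print $1 }' "$2" | sort -u)
        if [ -z "$observed" ]; then status=NO_WORKERS
        elif [ "$observed" = "$expected" ]; then status=OK
        else status="MISMATCH:$(echo $observed | tr ' ' ',')"
        fi
        echo "$pool $expected $status"
    done
}

# Build constructed pool files and a constructed ps listing; echo the temp dir.
make_sample() {
    d=$(mktemp -d)
    mkdir "$d/pool.d"
    for n in 1 3 5; do
        printf '[dev%s]\nuser = dev%s_app\ngroup = dev%s_app\n' "$n" "$n" "$n" \
            > "$d/pool.d/dev$n.website.com.conf"
    done
    cat > "$d/ps.txt" <<'EOF'
USER     COMMAND
root     php-fpm: master process (/etc/php/7.2/fpm/php-fpm.conf)
dev1_app php-fpm: pool dev1
www-data php-fpm: pool dev3
EOF
    echo "$d"
}

sample=$(make_sample)
audit_pools "$sample/pool.d" "$sample/ps.txt"
rm -rf "$sample"
```

A NO_WORKERS result, as in the ps output in the question where only the master is listed, means the configured user cannot be confirmed from the process list alone.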