If you’ve just upgraded your web server to PHP-FPM you probably noticed that your web sites went down and your Nginx logs or whatever server you are using are giving you an error message that include the following statement:
connect() to unix:/var/run/www.sock failed (13: Permission denied) while connecting to upstream
To provide some context for this problem see http://www.openwall.com/lists/oss-security/2014/04/29/5
What was happening before is that the sockets were being created with a mode (permissions) of 0666 which makes it possible in theory for any web site to connect to them. This could be a security issue for shared hosting as an example.
So the security fix was to have PHP-FPM create the sockets with a permission mode of 0660 instead.
Now the problem with most default web server configurations is that the sockets are created under the root user while nginx or apache are running as a web server such as www-data. This means the web server is not able to read the PHP socket.
The solution is very simple which you can find at stackoverflow http://stackoverflow.com/a/23596317/1195553
You simply add the following 2 lines to your PHP-FPM web site configuration before or after you set the path to the socket itself.
listen.owner = www-data listen.group = www-data
This causes the the socket to be created with the owner and group of www-data which allows the web frontend to access the socket without any permission issues.