PHP-FPM permission problem after latest ISP upgrade
The problem applies to ISPConfig 3 running with NGINX+PHP-FPM. After the latest ISP + PHP upgrade, the security issue was fixed. The PHP changelog for this version has the following information under the FPM section: Fixed bug #67060 (possible privilege escalation due to insecure default configuration). (CVE-2014-0185)
As stated here (http://websistent.com/fix-connect-to-php5-fpm-sock-failed-13-permission-denied-while-connecting-to-upstream-nginx-error/): The default value of listen.mode was 0666 prior to 5.5.12. To fix the CVE-2014-0185 vulnerability, this was changed to 0660.
And the actual bug: as a consequence, when a new website is added, the website user, e.g. web12, is not added to the owner of the WWW server process (in my case: grep 'user' /etc/nginx/nginx.conf is www-data). It results in the 502 error when trying to open any PHP file in the browser, and in the "connect() to unix:/var/lib/php5-fpm/web12.sock failed (13: Permission denied) while connecting to upstream" error in the error.log of the client.
The fix is easy: add the website user to the WWW server process owner's group (in my case: add web12 to the www-data group). I think this should be added to the website creation script in ISPConfig 3.
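
A diagnostic for the 502 described above, added here as an example; it is not part of the original post and not ISPConfig code. It works out which permission class (owner, group or other) the web server user falls into for a PHP-FPM socket and whether that class has the write bit that connect() needs. The function names may_connect and check_socket are hypothetical, and GNU stat is assumed.

```shell
#!/bin/sh
# connect() on a Unix socket requires write permission on the socket file.
# Only ONE permission class applies to a given user: owner, else group, else
# other. With listen.mode 0666 the "other" class let anyone connect; with
# 0660 the web server user must be the owner or a member of the socket group.

# may_connect MODE OWNER GROUP USER "USER_GROUPS"
#   MODE         octal socket mode as printed by `stat -c %a` (e.g. 660)
#   USER_GROUPS  space-separated group names as printed by `id -nG USER`
# Prints owner|group|other and returns 0 when connect() is permitted,
# prints "denied" and returns 1 otherwise. (root bypasses these checks.)
may_connect() {
    mc_mode=$1 mc_owner=$2 mc_group=$3 mc_user=$4 mc_groups=" $5 "
    if [ "$mc_user" = "$mc_owner" ]; then
        mc_class=owner mc_bit=0200
    else
        case "$mc_groups" in
            *" $mc_group "*) mc_class=group mc_bit=0020 ;;
            *)               mc_class=other mc_bit=0002 ;;
        esac
    fi
    # Leading 0 makes the shell read both operands as octal.
    if [ $(( 0$mc_mode & $mc_bit )) -ne 0 ]; then
        echo "$mc_class"; return 0
    fi
    echo denied; return 1
}

# check_socket USER SOCKET: read the live mode/owner/group and report.
check_socket() {
    cs_stat=$(stat -c '%a %U %G' "$2") || return 2
    set -- "$1" "$2" $cs_stat          # $3=mode $4=owner $5=group
    printf '%s mode=%s owner=%s group=%s -> ' "$2" "$3" "$4" "$5"
    may_connect "$3" "$4" "$5" "$1" "$(id -nG "$1")"
}

# Usage: sh check.sh www-data /var/lib/php5-fpm/web12.sock
if [ $# -eq 2 ]; then
    check_socket "$1" "$2"
fi
```

A result of "other" means the socket is still world-writable, which is the pre-5.5.12 default that CVE-2014-0185 addressed.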