And change the user and group in your www.conf to nginx.
If you still encounter problems afterwards you can check the ownership and SELinux configuration of your webroot folder. You can see the SELinux file context of a folder with the following command:
You can see the folder has httpd_sys_rw_content_t written in its context. This is telling SELinux it’s ok that the webserver/PHP can write and read in this folder.
So the following two commands are sometimes necessary for your webroot folder. I’ll use my nextcloud folder from the above example.
By default, php-fpm runs under the apache account and uses /var/lib/php/session
This is perfectly fine, especially as most packaged web apps expect this. E.g. nginx + php-fpm + phpMyAdmin (from EPEL) works out-of-the-box, without any configuration change.
If you change the user running the fpm pool, you MUST use other directories (e.g. /var/lib/php/user_session) in the pool configuration file and set the proper permissions.
As explained in the www.conf file (in recent versions):
; Set the following data paths to directories owned by the FPM process user.
;
; Do not change the ownership of existing system directories, if the process
; user does not have write permission, create dedicated directories for this
; purpose.
;
; See warning about choosing the location of these directories on your system
; at http://php.net/session.save-path
php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/session
php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache
;php_value[opcache.file_cache] = /var/lib/php/opcache
Otherwise, permissions will be restored to the default (apache) during a PHP update.
nginx runs under the nginx user and needs read permission on static files
fpm runs under the apache user and needs read permission on php files and write permission on some directories (session, temp, upload, …)
You can consider “apache” as the “www-data” of some other distributions.
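A check for the situation described in the post above, as an added example (not code from the thread or from the php-fpm package): it reads a pool file and reports data paths that still point at the packaged /var/lib/php directories although the pool user is no longer apache. The function name check_pool, the sample pool and the path /var/lib/php/nginx_wsdlcache are constructed for illustration.

```shell
# Added example. Reports php-fpm data paths still pointing at the packaged
# directories although the pool runs as a user other than "apache".
# Prints one line per finding; returns 1 if there is any, 0 otherwise.
check_pool() {
    awk -v default_user="apache" '
        /^[ \t]*;/ { next }                      # commented-out directive
        /^[ \t]*user[ \t]*=/ {                   # pool user
            user = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", user)
        }
        /^[ \t]*php_(admin_)?value\[/ {          # php_value[key] = value
            open = index($0, "["); shut = index($0, "]")
            key = substr($0, open + 1, shut - open - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t"]+|[ \t"]+$/, "", val)
            path[key] = val
        }
        END {
            if (user == "" || user == default_user) exit 0
            # Directories named in the www.conf excerpt above.
            packaged["/var/lib/php/session"] = 1
            packaged["/var/lib/php/wsdlcache"] = 1
            packaged["/var/lib/php/opcache"] = 1
            n = split("session.save_path soap.wsdl_cache_dir opcache.file_cache", keys, " ")
            for (i = 1; i <= n; i++) {
                k = keys[i]
                if ((k in path) && (path[k] in packaged)) {
                    printf "%s: pool user %s still uses packaged directory %s\n", k, user, path[k]
                    bad++
                }
            }
            exit (bad > 0)
        }
    ' "$1"
}

# Constructed sample pool: user switched to nginx, session path left at default.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[www]
user = nginx
group = nginx
php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/session
php_value[soap.wsdl_cache_dir] = /var/lib/php/nginx_wsdlcache
;php_value[opcache.file_cache] = /var/lib/php/opcache
EOF
check_pool "$sample" || echo "pool needs dedicated directories"
rm -f "$sample"
```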
So I should not have deleted the built-in apache user. That’s what I get for using Google to configure my machine, which generally suggests changing php-fpm user / group to nginx.
php-fpm has a fixed idea on who should own files. It’s either nginx or apache, but pay attention to how it’s set.
What I found was a week of pain trying to switch it, only to have it reverted with each upgrade. Just go with what it’s chosen, set your perms regardless, and be happy.