I'm using different PHP-FPM pools with specific users each one. I just switched memcached to use a socket instead of tcp/udp ports (for many reasons including the recent attacks on the 11211 port).
I’ve modified the systemd unit file accordingly:
ExecStart=/usr/bin/memcached -s /var/run/memcached/memcached.socket -a 0770 -o modern
The socket is created with correct permissions:
$ ls -la /var/run/memcached/memcached.socket
srwxrwx--- 1 memcached memcached 0 Jul 5 15:41 /var/run/memcached/memcached.socket
Then I’ve included the php-fpm pool user into the memcached group so php can connect to the socket:
$ gpasswd pooluser memcached
Made sure it is:
$ groups pooluser
pooluser memcached
And finally I’ve configured the php script:
$memcached->addServer('/var/run/memcached/memcached.socket', 0)
The only reason I can think of is that PHP-FPM is using another user to establish the connection. The php extension fails to access the socket:
var_dump($memcached->addServer('/var/run/memcached/memcached.socket', 0))
// bool(true)
var_dump($memcached->set('key', 'value')
// bool(false)
If I change the umask to 0777 then it can connect, so it is not a configuration problem, it is a permissions problem.
I'm using another unix socket, to connect PDO() to mariadb (mysql), and I've checked and the mysql.socket has 0777 by default (at least I didn't configure anything for mariadb).
So should I give unix sockets 0777 permissions or not? In any case I'd like to figure out why php-memcached can't access the socket.
