permission error with php/nginx and not using www-data

-edit- whats even more curious is if I chmod 777 /var/run/php-fastcgi/php-fastcgi.socket this works. If it's not www-data, php-www (nor root) then what user is trying to access the socket :| -edit2- I added chown www-data:$FASTCGI_GROUP $SOCKET to the end of the script below (which is right after spawn-fcgi) and that solves the problem, but I'm confused, www-data is in the php-www group. Why must it be owner. I didn't change FASTCGI_USER back to www-data bc it would defeat the purpose (it would allow the PHP files to access all my files as www-data which I don't want) Essentially what I wanted to do is have the PHP process not be www-data so if it gets compromised its damage is limited to the very few PHP sites I have. What I did was create the user php-www and add its group to www-data. When I log in as www-data I can access everything ih php-www however php-www can't access anything but my PHP sites. perfect. I got php+nginx running. But how changing it gives me a problem. I see www-data mention in a init.d script which changes the ownership of a folder. Its fine and I changed it to php-www. Thats not a problem. What is the problem is the spawn script. #!/bin/bash FASTCGI_USER=php-www FASTCGI_GROUP=php-www SOCKET=/var/run/php-fastcgi/php-fastcgi.socket PIDFILE=/var/run/php-fastcgi/php-fastcgi.pid CHILDREN=6 PHP5=/usr/bin/php5-cgi /usr/bin/spawn-fcgi -s $SOCKET -P $PIDFILE -C $CHILDREN -u $FASTCGI_USER -g $FASTCGI_GROUP -f $PHP5 the user/group lines use to say www-data but now I changed them to php-www. I started php-fastcgi and nginx. When I visit my site I get a 502 bad gateway error. When I look in nginx logs I see this line connect() to unix:/var/run/php-fastcgi/php-fastcgi.socket failed (13: Permission denied) while connecting to upstream Permission denied!?! why!?! www-data does have the group php-www and stat that folder and socket shows owner and group php-www. I can access the PHP file with bot php-www and www-data. Why am I get a permission error? and what am I doing wrong? in case you want to see my process # ps aux | egrep "php|www" shows www-data 548 0.0 0.1 1908 492 ? Ss 18:08 0:00 /usr/sbin/fcgiwrap www-data 586 0.0 0.1 1908 488 ? Ss 18:08 0:00 /usr/sbin/fcgiwrap php-www 1611 0.0 1.9 19312 5020 ? Ss 18:20 0:00 /usr/bin/php5-cgi php-www 1612 0.0 0.7 19312 1856 ? S 18:20 0:00 /usr/bin/php5-cgi php-www 1613 0.0 0.7 19312 1856 ? S 18:20 0:00 /usr/bin/php5-cgi php-www 1614 0.0 0.7 19312 1856 ? S 18:20 0:00 /usr/bin/php5-cgi php-www 1615 0.0 0.7 19312 1856 ? S 18:20 0:00 /usr/bin/php5-cgi php-www 1616 0.0 0.7 19312 1856 ? S 18:20 0:00 /usr/bin/php5-cgi php-www 1617 0.0 0.7 19312 1856 ? S 18:20 0:00 /usr/bin/php5-cgi www-data 1776 0.0 0.6 5428 1684 ? S 18:27 0:00 nginx: worker process php-www 1967 0.0 1.9 19312 5020 ? Ss 18:40 0:00 /usr/bin/php5-cgi php-www 1968 0.0 0.7 19312 1856 ? S 18:40 0:00 /usr/bin/php5-cgi php-www 1969 0.0 0.7 19312 1856 ? S 18:40 0:00 /usr/bin/php5-cgi php-www 1970 0.0 0.7 19312 1856 ? S 18:40 0:00 /usr/bin/php5-cgi php-www 1971 0.0 0.7 19312 1856 ? S 18:40 0:00 /usr/bin/php5-cgi php-www 1972 0.0 0.7 19312 1856 ? S 18:40 0:00 /usr/bin/php5-cgi php-www 1973 0.0 0.7 19312 1856 ? S 18:40 0:00 /usr/bin/php5-cgi root 2110 0.0 0.2 3300 736 pts/1 S+ 18:55 0:00 egrep php|www