PHP-FPM rm Permission denied

Question

I have nginx+php-fpm and I need to delete folder recursively from php-script:

<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
$out = shell_exec('/bin/rm -vrf /data/vmail/test');
var_dump($out);

$out is NULL, but in error.log i receive

WARNING: [pool www] child 7210 said into stderr: "rm: "
WARNING: [pool www] child 7210 said into stderr: "cannot remove `/data/vmail/test'"
WARNING: [pool www] child 7210 said into stderr: ": Permission denied"

• PHP-FPM runs under user "nginx"
• NGINX runs under user "nginx"
• /data/vmail and all child folders are owned by vmail:vmail (chmod 770)

Supplementary groups exists:

# groups nginx
nginx : nginx vmail
# groups vmail
vmail : vmail nginx

Solutions

• If I chown /data/vmail/test to nginx:nginx it contents becomes deleteable. But /data/vmail/test still is not, as long as /data/vmail is owned by vmail:vmail I suppose.
• If I chmod -R 777 /data/vmail/test && chmod 777 /data/vmail the meant folder becomes deleteable.
• PHP-function rmdir() works (don't know why)! But recursive deletion for large folders is too resource-intensive

I don't consider these options as a solution. Also I don't consider a solution involving root user and /etc/sudoers or running php-fpm as a root. So... how is it possible to get /bin/rm working?

Additional info ##

• php-fpm.conf
• nginx.conf

Answer 1

Deleting content of a directory is a write operation in The directory. So the user that runs PHP needs write permission on /data/vmail.