ISPConfig error 500 after upgrade: PHP Fatal error: Uncaught InvalidArgumentExce...

A PHP application running on Nginx + PHP-FPM (PHP 8.3) was returning HTTP 500 errors. The logs showed a fatal error in a third-party PHP module:

PHP Fatal error: Uncaught InvalidArgumentException:
Please make sure the folder '/path/to/app/temp' is writable

However:

• The directory exists

• Permissions are drwxrwxrwx (777)

• Ownership is correct (same user as PHP-FPM pool)

• touch works as the same user

• Running is_writable() via CLI PHP returns true

But when accessed via PHP-FPM, is_writable() returns false.

The PHP-FPM pool runs under systemd with hardening enabled.

The issue was caused by systemd sandboxing in the PHP-FPM service unit:

ProtectSystem=full

This setting makes parts of the filesystem effectively read-only or alters how filesystem access checks behave inside the PHP-FPM runtime environment. As a result, is_writable() returned false inside PHP-FPM, even though filesystem permissions were correct and CLI PHP worked as expected.

Modify the systemd override for PHP-FPM:

[Service]
ProtectSystem=full
ReadWritePaths=/path/to/application

Then reload systemd and restart PHP-FPM:

systemctl daemon-reexec
systemctl restart php8.3-fpm

Result

After disabling or relaxing ProtectSystem, PHP-FPM correctly recognized writable directories and the application started working normally again.