-edit- What's even more curious is that if I chmod 777 /var/run/php-fastcgi/php-fastcgi.socket, this works... If it's not www-data, php-www (nor root), then what user is trying to access the socket? :|
-edit2- I added chown www-data:$FASTCGI_GROUP $SOCKET to the end of the script below (which is right after spawn-fcgi) and that solves the problem... but WTF, www-data is in the php-www group. Why must it be the owner? I didn't change FASTCGI_USER back to www-data because it would defeat the purpose (it would allow the PHP files to access all my files as www-data, which I don't want).
Essentially what I wanted to do is have the PHP process not be www-data, so if it gets compromised its damage is limited to the very few PHP sites I have. What I did was create the user php-www and add its group to www-data. When I log in as www-data I can access everything in php-www; however, php-www can't access anything but my PHP sites. Perfect.
I got PHP + nginx running. But changing it gives me a problem. I see www-data mentioned in an init.d script which changes the ownership of a folder. That's fine and I changed it to php-www. That's not a problem.
What is the problem is the spawn script:
#!/bin/bash
FASTCGI_USER=php-www
FASTCGI_GROUP=php-www
SOCKET=/var/run/php-fastcgi/php-fastcgi.socket
PIDFILE=/var/run/php-fastcgi/php-fastcgi.pid
CHILDREN=6
PHP5=/usr/bin/php5-cgi
/usr/bin/spawn-fcgi -s $SOCKET -P $PIDFILE -C $CHILDREN -u $FASTCGI_USER -g $FASTCGI_GROUP -f $PHP5
The user/group lines used to say www-data but now I changed them to php-www.
I started php-fastcgi and nginx. When I visit my site I get a 502 Bad Gateway error. When I look in the nginx logs I see this line:
connect() to unix:/var/run/php-fastcgi/php-fastcgi.socket failed (13: Permission denied) while connecting to upstream
Permission denied!?! Why!?! www-data does have the group php-www, and stat on that folder and socket shows owner and group php-www. I can access the PHP file with both php-www and www-data. Why am I getting a permission error? And what am I doing wrong?
In case you want to see my processes:
# ps aux | egrep "php|www"
shows
www-data 548 0.0 0.1 1908 492 ? Ss 18:08 0:00 /usr/sbin/fcgiwrap
www-data 586 0.0 0.1 1908 488 ? Ss 18:08 0:00 /usr/sbin/fcgiwrap
php-www 1611 0.0 1.9 19312 5020 ? Ss 18:20 0:00 /usr/bin/php5-cgi
php-www 1612 0.0 0.7 19312 1856 ? S 18:20 0:00 /usr/bin/php5-cgi
php-www 1613 0.0 0.7 19312 1856 ? S 18:20 0:00 /usr/bin/php5-cgi
php-www 1614 0.0 0.7 19312 1856 ? S 18:20 0:00 /usr/bin/php5-cgi
php-www 1615 0.0 0.7 19312 1856 ? S 18:20 0:00 /usr/bin/php5-cgi
php-www 1616 0.0 0.7 19312 1856 ? S 18:20 0:00 /usr/bin/php5-cgi
php-www 1617 0.0 0.7 19312 1856 ? S 18:20 0:00 /usr/bin/php5-cgi
www-data 1776 0.0 0.6 5428 1684 ? S 18:27 0:00 nginx: worker process
php-www 1967 0.0 1.9 19312 5020 ? Ss 18:40 0:00 /usr/bin/php5-cgi
php-www 1968 0.0 0.7 19312 1856 ? S 18:40 0:00 /usr/bin/php5-cgi
php-www 1969 0.0 0.7 19312 1856 ? S 18:40 0:00 /usr/bin/php5-cgi
php-www 1970 0.0 0.7 19312 1856 ? S 18:40 0:00 /usr/bin/php5-cgi
php-www 1971 0.0 0.7 19312 1856 ? S 18:40 0:00 /usr/bin/php5-cgi
php-www 1972 0.0 0.7 19312 1856 ? S 18:40 0:00 /usr/bin/php5-cgi
php-www 1973 0.0 0.7 19312 1856 ? S 18:40 0:00 /usr/bin/php5-cgi
root 2110 0.0 0.2 3300 736 pts/1 S+ 18:55 0:00 egrep php|www
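As an added diagnostic, not part of the original post: socket_access applies the same test the kernel applies on connect() to a filesystem Unix socket (write permission on the socket inode, with the directory also needing search permission), and check_live feeds it the socket's owner/group/mode from stat(1) plus the user and groups a running PID actually holds, read from /proc rather than /etc/group, since a process keeps the supplementary groups it was started with. The socket path, user and group names are assumptions taken from the post; the nginx worker PID is whatever you pass in.

```shell
#!/bin/sh
# Added example, not code from the original post. socket_access applies the
# check the kernel applies on connect() to a filesystem Unix socket: the caller
# needs write permission on the socket inode (root always passes).
# usage: socket_access OWNER GROUP MODE USER "GROUP1 GROUP2 ..."
#   MODE is octal as printed by `stat -c %a`, e.g. 660; the last argument is the
#   space-separated list of groups the caller holds.
# Prints "allow" or "deny" and returns 0 or 1 accordingly.
socket_access() {
    owner=$1 group=$2 mode=$3 user=$4 groups=$5
    [ "$user" = root ] && { echo allow; return 0; }
    mode=$(printf '%s' "$mode" | sed 's/^.*\(...\)$/\1/')   # drop setuid/setgid/sticky digit
    if [ "$user" = "$owner" ]; then
        bits=$(printf '%s' "$mode" | cut -c1)               # owner digit
    elif printf ' %s ' "$groups" | grep -q " $group "; then
        bits=$(printf '%s' "$mode" | cut -c2)               # group digit
    else
        bits=$(printf '%s' "$mode" | cut -c3)               # other digit
    fi
    if [ $(( bits & 2 )) -ne 0 ]; then                      # 2 = write bit
        echo allow; return 0
    fi
    echo deny; return 1
}

# check_live gathers the same inputs from a running system: socket metadata from
# stat(1), and the effective user and supplementary groups of the given PID (an
# nginx worker) from /proc/PID/status. A process keeps the groups it was started
# with, so /proc shows what the worker really holds, whereas `id -nG www-data`
# only shows what a newly started process would get from /etc/group.
# usage: check_live /var/run/php-fastcgi/php-fastcgi.socket <nginx worker pid>
check_live() {
    sock=$1 pid=$2
    owner=$(stat -c %U "$sock"); group=$(stat -c %G "$sock"); mode=$(stat -c %a "$sock")
    euid=$(awk '/^Uid:/ { print $3 }' "/proc/$pid/status")
    user=$(getent passwd "$euid" | cut -d: -f1)
    names=""
    for gid in $(awk '/^Groups:/ { $1 = ""; print }' "/proc/$pid/status"); do
        names="$names $(getent group "$gid" | cut -d: -f1)"
    done
    echo "socket $sock: $owner:$group mode $mode; pid $pid runs as $user, groups:$names"
    socket_access "$owner" "$group" "$mode" "$user" "$names"
    # the socket's directory must also be searchable (x bit) by the worker
    echo "directory $(dirname "$sock"): $(stat -c '%U:%G mode %a' "$(dirname "$sock")")"
}

if [ $# -eq 2 ]; then check_live "$1" "$2"; fi
```

Run it as root with the socket path and one nginx worker PID from ps; a "deny" while www-data is listed in php-www in /etc/group means the worker was started before it got that group.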