Docker: mounting/sharing a single sock file?

I want to share php-fpm.sock between nginx and PHP. The way I’ve done this right now is like so:

services:
  nginx:
    build:
      context: .
      dockerfile: docker/nginx.docker
    ports:
      - '8080:80'
    volumes:
      - type: volume
        source: php_fpm_sock
        target: /mnt/sock
        consistency: delegated
        read_only: true
        volume:
          nocopy: true
    links:
      - php
  php:
    build:
      context: .
      dockerfile: docker/php.docker
    links:
      - mariadb
    env_file: .env
    volumes:
      - type: volume
        source: php_fpm_sock
        target: /mnt/sock
        consistency: delegated
        read_only: false
        volume:
          nocopy: true
volumes:
  php_fpm_sock:

i.e. I’ve moved the sock file from its usual location (/var/run/php5-fpm.sock) to /mnt/sock because I can’t figure out how to mount a single file and I don’t want to mount the whole /var/run dir.

Secondly, I’ve configured php-fpm as:

[www]
listen = /mnt/sock/php-fpm
;listen.owner = www-data
;listen.group = nginx
; php-fpm runs as `www-data`, nginx runs as `nginx`
listen.mode = 0664

i.e., I’ve given “other” full read privileges because the nginx user group doesn’t exist in the php-fpm container so I don’t know how else I can give permissions to just nginx.

This all feels pretty hacky. So my questions are:

  1. How can I share just the sock file between these two containers so that I can move the sock file back to /var/run/php5-fpm.sock?
  2. How can I fix the read permissions on this file so that only nginx can read it? i.e. how can I share Linux user accounts across containers?

Source: StackOverflow
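
The permission question above comes down to numeric ids: the kernel compares the uid and gid numbers stored on the socket file with those of the connecting process, and the names in each container's /etc/passwd and /etc/group play no part. The following is an added example, not part of the original question, that audits a socket's mode the way the kernel would for a non-root client on Linux; `audit_socket` and `make_constructed_socket` are hypothetical names, and the socket it inspects is a throwaway one constructed for the demonstration.

```python
import os
import socket
import stat
import tempfile

def audit_socket(path, client_uid, client_gids):
    """Report who may connect to a Unix socket, using numeric ids only."""
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError(f"{path} is not a Unix socket")
    mode = stat.S_IMODE(st.st_mode)
    # The kernel applies exactly one permission class: owner, else group, else other.
    if client_uid == st.st_uid:
        bits = (mode >> 6) & 7
    elif st.st_gid in client_gids:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return {
        "mode": oct(mode),
        "owner_uid": st.st_uid,
        "group_gid": st.st_gid,
        # Any bit granted to "other" applies to every account that can reach the volume.
        "world_bits": mode & 0o007,
        # On Linux, connect() needs write permission on the socket file.
        "client_can_connect": bool(bits & 2),
    }

def make_constructed_socket(mode):
    """Bind a throwaway socket (constructed sample) and set its mode."""
    path = os.path.join(tempfile.mkdtemp(), "php-fpm")
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    os.chmod(path, mode)
    return srv, path

if __name__ == "__main__":
    for mode in (0o664, 0o660):
        srv, path = make_constructed_socket(mode)
        st = os.stat(path)
        # Hypothetical client: different uid, but a member of the socket's numeric group.
        print(audit_socket(path, st.st_uid + 1, {st.st_gid}))
        srv.close()
```

Run against the real socket with the nginx worker's numeric uid and gids (as reported by `id` inside the nginx container) to see which permission class it falls into.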