nginx account setting - PuZheng/PuZheng-Docs GitHub Wiki

Say, if we have a web application named "bigidea", and nginx is running by
user 'www-data' (defined in nginx.conf), whose group is 'www-data', and all the web applications are put in '/srv/www', whose owner is 'www-data', and the group has the read permission

First, we create a user 'bigideauser'.

$ sudo useradd bigideauser -g www-data -d /srv/www -s /bin/bash

Why not just use 'www-data' as user? because it's too dangerous, say, if there are many teams in company which encourages dev-ops, and each team has its own web application, if they all have the 'www-data' accounts, they may modify other teams' applicaions.

Then, we make a directory 'bigidea', whose owner is 'bigideauser'.

When publish 'bigidea', just use 'bigideauser' to operate, nginx will get it.