Nginx and php are run by different users. Is this a bad idea?

Konstantin asked:

I just found out that my nginx user is not the same that is returned by (“php-user”). Both users are not root. However, I wonder whether this configuration might lead to problems in the future?

I am working on Ubuntu 12.04.

My answer:

It’s a perfectly fine idea, and improves the security of your server.

It means that PHP cannot write to data owned by nginx (or any other user) without world-write permissions (and you would NEVER EVER chmod 777 anything).

In my production web servers, nginx runs as user nginx while PHP runs as user www-data or something similar.

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.