I noticed that nginx users tend to create a separate group and user for nginx. Why is this?
Further, the default path for the HTML public directory is /usr/local/nginx/html, but people use the home directory instead (e.g. /home/newuser/mysite.com/public). The same goes for log files and maybe some others. I suppose the reason is the same as for my previous question?
I'm basing this off a script called "centmin", mainly, but I've seen other resources follow the same trend.
Why this is, well, it's really not nginx specific, most every daemon gets its own uid/gid for security reasons. Whether you use a home dir or /usr is totally up to your choice, it more depends on the role of the machine -- with several users , each running from their home dir might make more sense, a dedicated machine might be better off from a system dir...
It's a Good Thing(TM) to have a daemon run on a dedicated unprivileged account. If the daemon ever gets exploited or turn rogue because of some bug, the damage will be limited to areas writeable by that user.
For discussion on placement of web root directory also take a look at /home/vhosts/ or /var/www/
Another reason for separation especially in Nginx auto installers like http://centminmod.com/ is that /home directory usually is the larger partitioned segment than /usr. And authors of such scripts don't know how end users partition their drives, they can't assume /usr has adequate disk free space. 99% of the time /home has the larger disk free space.
