erek at blumenthals.com
Sun Jul 13 22:12:58 MSD 2008
On Sun, 2008-07-13 at 19:43 +0200, Thomas wrote:
> Personally I created a dedicated user for running nginx and my
> applications. This enables me to log into my server through that user
> and do manual tweaking without messing around with permissions and
> root access.
I have the application files owned by one unprivileged user, and the web
server runs as a different unprivileged user. Login is disabled for the
web server user.
This way, the web server can't alter the application, and a user logging
into the system to edit the site need not be root.
If you have multiple people allowed to edit the live files, consider a
subversion repository, or failing that, a webmasters group, where all
the application files are g+w and owned by webmasters.
More information about the nginx