I have encountered a permission error serving my files so I changed the
user www-data;
to
user root;
in the nginx.conf file.
Is there any risk to do so?
SnapOverflow
There are risks and it is not recommended at all. Enabling the setting you mentioned would lead to Nginx not dropping any privileges upon running its worker processes.
You may want to read "What are the security risks of running a daemon as root even though SELinux is enforcing?", which is partially related.
In the specific case of Nginx, over the last 11 years, there would have been the following vulnerabilities that would most likely have enabled someone to take over your whole machine: