I'm just setting up nginx on my web server, and I created a user account for it to use (nginx). However, it runs its worker processes by default as www-data. Is there any disadvantage to using www-data, or should I leave it at that? And who should the files be owned by? Also, the master process is owned by root (to open sockets, I believe). Is there any harm in this, and would it be better to give the nginx (or www-data, but I suspect not) users sudo permissions? In addition, is there anything else I should be doing to secure the server other than locking down the user and file permissions? I haven't installed PHP or MySQL yet, I'll worry about securing those when install them.
Thanks for your help; the webserver setup guides I've found so far didn't have any permission guidelines, but I'm certain I need to do something with them.