user
The user directive sets the user and group under which NGINX worker processes will run.
Description
The user directive specifies the user and group whose privileges the NGINX worker processes run with. This matters for security: the workers run as a non-privileged user rather than root, which reduces the potential impact of vulnerabilities. The directive accepts one or two parameters: the first is the user name and the second (optional) is the group name. If only one argument is provided, NGINX will use the default group associated with that user. For example, user nginx; sets the user to 'nginx' and uses the default group for 'nginx'. With both parameters, the form is user username groupname;. The directive must be declared in the main context of the NGINX configuration file, typically nginx.conf, before the events or http context.
Changes to this directive only take effect when NGINX is started or restarted. If the process is already running, changing the directive requires a full stop and start of NGINX to take effect. Ensure that the specified user has sufficient permissions to access the files, directories, and resources NGINX needs, such as logs or document roots, but does not have overly broad access, in keeping with the principle of least privilege.
Config Example
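# One parameter: user only, group omitted
user www-data;

# Alternative form with both user and group (use only one user directive per configuration)
user nginx nginx;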
Make sure the specified user exists on the system before starting NGINX.
If no group is specified, the default group of the user will be used; this may lead to unintended permission issues if not carefully managed.
Running NGINX as a user with insufficient permissions will cause it to fail to start or access necessary resources.
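A pre-start check for the notes above, as an added example that is not part of the original page or of NGINX: it reads the main-context user directive from a configuration and reports whether the account is root, is missing from the system, or leaves the group implicit. The function names, finding codes and sample configuration are constructed for illustration, and comment handling is simplified.

```python
import grp
import pwd
import re

# Constructed sample config (not from the page); the commented line must be ignored.
SAMPLE_CONF = """\
# user root;
user www-data;
events { worker_connections 1024; }
http { server { listen 80; } }
"""

USER_RE = re.compile(r"user\s+([^\s;]+)(?:\s+([^\s;]+))?\s*;")

def parse_user_directive(conf_text):
    """Return (user, group_or_None) from the main context, or None if absent."""
    depth = 0
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # simplification: '#' always starts a comment
        if depth == 0:
            m = USER_RE.match(line)
            if m:
                return m.group(1), m.group(2)
        depth += line.count("{") - line.count("}")  # track block nesting
    return None

def _exists(lookup, name):
    try:
        return bool(lookup(name))
    except KeyError:
        return False

def audit_user_directive(conf_text, lookup_user=pwd.getpwnam, lookup_group=grp.getgrnam):
    """Return a list of finding codes (hypothetical names) for the user directive."""
    parsed = parse_user_directive(conf_text)
    if parsed is None:
        return ["no-user-directive"]
    user, group = parsed
    findings = []
    if user == "root":
        findings.append("runs-as-root")      # workers would keep full privileges
    if not _exists(lookup_user, user):
        findings.append("unknown-user")      # account must exist before NGINX starts
    if group is None:
        findings.append("group-omitted")     # group is implicit; review file permissions
    elif not _exists(lookup_group, group):
        findings.append("unknown-group")
    return findings
```

Calling audit_user_directive with only the configuration text checks the accounts against the local passwd and group databases; an empty list means none of these checks fired.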