privilege separation, ensuring nginx may access it's own tmp folder and only read /var/www

etc/nginx/nginx.conf

@@ -1,5 +1,5 @@
 # Run as a unique, less privileged user for security reasons.
-user www-data www-data;
+user nginx www-data;
 
 # Sets the worker threads to the number of CPU cores available in the system for best performance.
 # Should be > the number of CPU cores.

usr/local/etc/php-fpm.d/50-socket.conf

@@ -1,5 +1,5 @@
 [www]
 listen = /run/php-fpm.sock
-listen.owner = www-data
+listen.owner = nginx
 listen.group = www-data
 listen.mode = 0660