From f18e51f132bf02eff572f5274bc6c5150a06fd4e Mon Sep 17 00:00:00 2001
From: El RIDO
Date: Tue, 19 Jun 2018 13:16:07 +0200
Subject: [PATCH] privilege separation, ensuring nginx may access it's own tmp folder and only read /var/www
---
 etc/nginx/nginx.conf | 2 +-
 usr/local/etc/php-fpm.d/50-socket.conf | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf
index 0d239eb..f91a0f3 100644
--- a/etc/nginx/nginx.conf
+++ b/etc/nginx/nginx.conf
@@ -1,5 +1,5 @@
 # Run as a unique, less privileged user for security reasons.
-user www-data www-data;
+user nginx www-data;
 # Sets the worker threads to the number of CPU cores available in the system for best performance.
 # Should be > the number of CPU cores.
diff --git a/usr/local/etc/php-fpm.d/50-socket.conf b/usr/local/etc/php-fpm.d/50-socket.conf
index 081fb58..e30a82a 100644
--- a/usr/local/etc/php-fpm.d/50-socket.conf
+++ b/usr/local/etc/php-fpm.d/50-socket.conf
@@ -1,5 +1,5 @@
 [www]
 listen = /run/php-fpm.sock
-listen.owner = www-data
+listen.owner = nginx
 listen.group = www-data
 listen.mode = 0660
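Review bot: The worker group in `user nginx www-data;` is still `www-data`, so the read-only access to /var/www named in the subject depends on file modes this diff does not show: any path there that is group-writable for www-data stays writable by the nginx workers. It would help to state the intended split in the comment above the directive, for example `# Workers run as user nginx (owner of nginx's temp directories) with group www-data (read access to /var/www and the PHP-FPM socket).`, and to confirm that the image leaves no group-write bit under /var/www. The rest of nginx.conf lies outside this hunk.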
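Review bot: `listen.group = www-data` and `listen.mode = 0660` are unchanged, so every process in group www-data can still connect to /run/php-fpm.sock, and the new owner alone does not narrow who may submit FastCGI requests. If nginx is meant to be the only client, `listen.mode = 0600` together with `listen.owner = nginx` would limit connections to that user; this assumes nothing else in the group needs the socket, which the hunk does not show. The [www] pool section may continue beyond the hunk.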