Straight to the problem, I have configured nginx server on my VPS. And I have a lot of users added to my VPS. Nginx runs with group that I created "webmasters" and a user "some_user", also each user belongs to that group "webmasters", that is needed for server (nginx) to access some files in user web-folders. But the problem is that any user can access and read data from other users in "webmasters" group. I just can't figure it out, what is the best strategy for disallowing users to view their folders to others but nginx could access them.

First what I've done I set permissions of users web-folders so only owners (users them selves) can access, read and write their folders with web-pages (or else files). But after that I had a problem with displaying web-sites. That is I think because such files in public folders like images and .css where restricted to read.

Second is that I can set Nginx to run as root so if it needs it will access any folder, but I read that to run as root is not a very good idea.

Hope you people understood what Im trying to tell and thank's for your help in advance. Help me find the correct strategy! Im using Debian lenny.

i do not 100% understand the problem. is webmasters the primary group for all users? did you already had a look at the S-GID bit (http://www.library.yale.edu/wsg/docs...sions/sgid.htm)? or maybe you should have look at filesystem acls (setfacl/getfacl).