Installation guides are not thoroughly clear on how to install WordPress on CentOS/Nginx, so that, a user can auto-update and install plugin from within WordPress without permission error hassles.
Debian based distribution guides recommend changing folder and file owner to www-data and adding HomeUser to www-data.
I have had a hard time finding who actually is the default user of nginx on CentOS. In the CentOS/LEMP guide we changed apache user to nginx in nginx.conf. That makes me think nginx should be the web server user on CentOS/Nginx.
Extrapolating the Debian guide here is what I think I should do on CentOS.
chown -R nginx:nginx wordpress/
usermod -aG nginx HomeUser
This should help me update WordPress using my HomeUser SSH login.
Next I am concerned about file permissions. Default folder permission of WordPress 755 and file permissions are 644. That will mean HomeUser which is added to group nginx will neither be able to write in folder group permission 5 equivalent to r-x or file group permission being 4 equivalent to r-- . These are WordPress recommended permission. WordPress recommends highly against 777 permissions.
What is the best possible thing I can do to maintain balance between usability and security?
Another question I have is who tends to be the owner of WordPress - web server user, mysql user, root user or home user?