以不同用户身份运行 Nginx；更新 WordPress 返回“无法安装更新...”错误

这是我第一次尝试定制 Nginx，我已经在 Digital Ocean Droplet 上运行它了。我的站点文件位于/sites/rob_app.

• 一切都属于rob
• 所有文件都是0644
• 所有目录都是0755

我将 Nginx 运行的用户更改rob为nginx.conf.该网站运行，但如果我尝试更新 WordPress 或任何插件，则会收到以下错误：

Unpacking the update…

The update cannot be installed because some files could not be copied. This is usually due to inconsistent file permissions.: wp-admin/includes/update-core.php

Installation failed.

从 Nginx 错误日志来看，这听起来像是文件权限问题，但我正在运行 Nginx，并且rob我的文件所有者是rob：

2023/01/27 01:08:51 [error] 11253#11253: *6 FastCGI sent in stderr: "PHP message: PHP Warning:  copy(/sites/rob_app/subdomains/vril/public/wp-admin/includes/update-core.php): Failed to open stream: Permission denied in /sites/rob_app/subdomains/vril/public/wp-admin/includes/class-wp-filesystem-direct.php on line 309" while reading upstream, client: (redacted)), server: vril.robr.app, request: "POST /wp-admin/update-core.php?action=do-core-reinstall HTTP/2.0", upstream: "fastcgi://unix:/var/run/php/php8.1-fpm.sock:", host: "(redacted)", referrer: "(redacted)/wp-admin/update-core.php"

当我将所有站点文件的文件所有者更改为www-data并将 Nginx 运行的用户更改为 时www-data，我可以成功更新 WordPress 和插件，但是rob，如果/sites/不使用sudo.

我摸不着头脑为什么www-data像www-data文件所有者一样取消 Nginx， 但rob像rob文件所有者一样运行 Nginx（即使文件权限在切换之间没有改变）。

我的nginx.conf：

user rob;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 1024;
}

http {
    sendfile on;
    tcp_nopush on;
    types_hash_max_size 2048;
    server_tokens off; 

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;

    # https://sysopstechnix.com/7-tips-for-nginx-performance-tuning/
    client_body_buffer_size 10K;
    client_header_buffer_size 1k;
    client_max_body_size 8m;
    large_client_header_buffers 4 4k;   
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;

    add_header Last-Modified "";    
}