This configuration ensures proper directory security, so that web server files are not listed in a security breach.
It reduces the chance of an attacker reading configuration files inside the web service and obtaining confidential data, such as a database password.
If the permissions aren’t set, you will be vulnerable to directory listing, and attackers can edit files over FTP or connect directly to your SSH server via a reverse shell. This recommendation corrects several web server faults that can open a breach to attackers, and prevents the confidential config files from being read.
The NGINX config file must be owned by root, writable only by its owner, and neither writable nor readable by others.
Set files and folders inside /usr/share/nginx/ to be owned by root, and remove read and write permissions for other users.
Set read permissions for other users on the cache folders.
To do this, run the command nginx -V and look for the directories listed below:
http_scgi_temp_path
http_proxy_temp_path
http_log_path
http_fastcgi_temp_path
http_client_body_temp_path
error_log_path
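The following script is an added example, not part of the original recommendation. It pulls the listed paths out of `nginx -V` output (where they appear with hyphens, as in `--http-scgi-temp-path=...`) and checks owner and mode against the rules above. The function names and the sample paths are constructed for illustration, and the live check assumes GNU `stat`.

```sh
#!/bin/sh
# Added example, not from the original page: audit the ownership/mode rules above.

# Constructed sample of the "configure arguments" line printed by `nginx -V`.
SAMPLE_V="configure arguments: --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log \
--http-client-body-temp-path=/var/cache/nginx/client_temp \
--http-proxy-temp-path=/var/cache/nginx/proxy_temp \
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
--http-scgi-temp-path=/var/cache/nginx/scgi_temp --with-http_ssl_module"

# nginx_paths TEXT: print "option path" for each path option the page lists.
nginx_paths() {
  printf '%s\n' "$1" | tr ' ' '\n' | sed -n -E \
    's/^--(http-(scgi|proxy|fastcgi|client-body)-temp-path|http-log-path|error-log-path)=(.*)$/\1 \3/p'
}

# perm_ok OWNER MODE MASK: true when OWNER is root and MODE (octal) has no MASK bit set.
perm_ok() {
  [ "$1" = root ] && [ $(( 0$2 & 0$3 )) -eq 0 ]
}

# Config file: no group/other write, no other read -> forbidden bits 026.
conf_ok() { perm_ok "$1" "$2" 026; }
# Entries under /usr/share/nginx/: no other read or write -> forbidden bits 006.
tree_ok() { perm_ok "$1" "$2" 006; }

# audit PATH RULE: apply RULE to PATH's owner and mode (assumes GNU stat).
audit() {
  info=$(stat -c '%U %a' "$1" 2>/dev/null) || { echo "MISSING $1"; return 0; }
  if "$2" "${info% *}" "${info#* }"; then echo "OK   $1 ($info)"
  else echo "FAIL $1 ($info)"; fi
}

# Live run only where nginx is installed; otherwise the functions are just defined.
if command -v nginx >/dev/null 2>&1; then
  v=$(nginx -V 2>&1)
  conf=$(printf '%s\n' "$v" | tr ' ' '\n' | sed -n 's/^--conf-path=//p')
  [ -z "$conf" ] || audit "$conf" conf_ok
  # Report only the entries under /usr/share/nginx/ that break the rule.
  find /usr/share/nginx/ 2>/dev/null | while read -r p; do audit "$p" tree_ok; done |
    grep '^FAIL' || true
  # Show owner and mode of the temp and log paths for manual review.
  nginx_paths "$v" | while read -r opt p; do
    echo "$opt: $p $(stat -c '%U %a' "$p" 2>&1)"
  done
fi
```

Paths containing spaces are not handled by the whitespace split, and the temp and log paths are only printed, not judged, since their required mode depends on the worker user.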