nginx: Documented UID changes and how to run as an arbitrary user

nginx/content.md

@@ -118,6 +118,41 @@ web:
   command: [nginx-debug, '-g', 'daemon off;']
 ```
 
+## User and group id
+
+Since 1.17.0, both alpine- and debian-based images variants use the same user and group ids to drop the privileges for worker processes:
+
+```
+uid=101(nginx) gid=101(nginx) groups=101(nginx)
+```
+
+## Running %%IMAGE%% as a non-root user
+
+It is possible to run the image as a less privileged arbitrary UID/GID.  This, however, requires modification of %%IMAGE%% configuration to use directories writeable by that specific UID/GID pair:
+
+```console
+$ docker run -d -v $PWD/nginx.conf:/etc/nginx/nginx.conf %%IMAGE%%
+```
+
+where nginx.conf in the current directory should have the following directives re-defined:
+
+```
+pid        /tmp/nginx.pid;
+```
+
+And in the http context:
+
+```
+http {
+    client_body_temp_path /tmp/client_temp;
+    proxy_temp_path       /tmp/proxy_temp_path;
+    fastcgi_temp_path     /tmp/fastcgi_temp;
+    uwsgi_temp_path       /tmp/uwsgi_temp;
+    scgi_temp_path        /tmp/scgi_temp;
+...
+}
+```
+
 ## Monitoring nginx with Amplify
 
 [Amplify](https://amplify.nginx.com/signup/) is a free monitoring tool that can be used to monitor microservice architectures based on nginx. Amplify is developed and maintained by the company behind the nginx software.