[TarqDirtyToMe]

In theory, to make the temp/cache directories more secure I imagine

[dchest]

This would make sense if it created those directories, but IMHO it should fail to start if the path exists and isn't owned by www process. The function that does chown() is even called ngx_create_paths().

[discordianfish]

I agreed, would at least consider it a bug if not a security issue.

[TarqDirtyToMe]

Definitely bad behavior. Ideally, no one but privileged users should be able to edit the configuration imho but this opens the door for attackers.

[TarqDirtyToMe]

Completely agree. Time for a PR?