I'm building an app using Django + PostrgreSQL + Nginx on Debian 6. The app has two separate components, that will later be on different machines.
Component A calls one function from Component B using a REST API. It has sensitive data stored that should be read-only by Component A, but writable by Component B.
Component B writes data sensitive data to Component A and receives data via its API
What I would like is to separate these components, so that exposure of Comp B does not lead to exposure of sensitive data in Comp A. In order to do so I was thinking about
having 2 instances of nginx running under different linux users. Then the user under which Component B is run can not see the settings.py
of Comp A, which would expose login credentials to A's database and encryption keys of stored data.
My question is, how can I set up nginx to run 2 instances, each one under its own user account? If possible, I would like to use only packages available in the standard Debian repositories, lest I lose automatic upgrades.