How do I set permissions for uploading media in WordPress? (Ubuntu 14.04.1, nginx 1.4.6)

I'm having trouble finding the correct permissions for running a WordPress site on my droplet. I followed this guide to configure the site: How To Configure Secure Updates and Installations in WordPress on Ubuntu

Configuration is as follows:

• Ubuntu 14.04, nginx 1.4.6
• nginx user is www-data
• /var/www/* is owned by wp-user:wp-user
• Directories are set to 755 and files to 644 (WordPress docs)

Secure updates and theme/plugin installations work as expected, but I receive the following error when attempting to upload new media through the web interface: Unable to create directory wp-content/uploads/2014/11. Is its parent directory writable by the server?

Any thoughts on how I can configure owners/permissions to allow this (while maintaining security)?

That does mean that php (wordpress) can read/write/delete anything in /var/www/* - that's hardly the secure. The php-fpm user should probably be www-data i.e. a user with no (by default) write permissions to your php application files.

@AD7six Leaving the php-fpm user as www-data, how would you recommend giving the process write access for uploading media and editing files through the theme editor?

I don't use or work on wordpress, but afaik wordpress will update files via ftp (the reason and purpose of defining ftp credentials) if it doesn't have write permissions (or possibly, simply if the owner of the files is not the user running wordpress) - that aught to take care of all structural changes such as upgrading WP or adding/editing a theme. For the specific folders that the php process needs write access to (wp-content folder? just cache and uploads? I don't know) - chown them to www-data. Definitely don't leave all php files writable to php.

@AD7six Good call. I'll update this answer accordingly.