If you run all your websites with the same user ( www-data or nginx ), a PHP call to " system() / passthru() / exec() " will have access to all websites! Nginx will not protect you against this. PHP is just an example, but any popular web-server language has similar calls. 

As a hacker, you can “ls ..” to navigate through all websites and “cp / echo / mv ” to write your own code in any file ( including another website files ). Even if all websites on the server are owned by the same person, it’s advisable to run each website with a different user, as it will prevent eventual hackers / virus ( ex. WordPress viruses ) from accessing your other websites. 

How to Configure Different User Per Virtual Host on Nginx 

Considering that you are using PHP-FPM ( you probably are, as it is the most usual ), you can create a spool, owned by a different user, for each domain. 

1. Create Spools 

Add the spools to " /etc/php/{php-version}/fpm/pool.d/www.conf " or create a new .conf file for each new spool. 

#spool user1 and group1 
user = user1 
group = group1 
.. 
listen = /run/php/user1.sock 
.. 
listen.owner = www-data 
lister.group = www-data 
#spool user2 and group2 
user = user2 
group = group2 
.. 
listen = /run/php/user2.sock 
.. 
listen.owner = www-data 
lister.group = www-data 

2. Assign each spool to its server block 

#user1
server {
 	...
	location ~ \.php$ {
   		fastcgi_pass unix:/run/php/myuser1.sock;
 	}
 	...
}
#user2
server {
 	...
	location ~ \.php$ {
   		fastcgi_pass unix:/run/php/myuser2.sock;
 	}
 	...
}

3. Restart PHP-FPM and Nginx 

sudo /etc/init.d/php7.0-fpm restart
sudo sytemctl restart nginx

4. Testing

You can do test using " exec('whoami'); " on your running website.