It's usually launched as root and then drops its privileges for its workers. Unless... ;)

If you have write access to nginx.conf, you can set "user root root;"

Long ago in Linux if you wanted to listen on a privileged port (< 1024) you had to do so as root.