Since the problem comes from the dynamic language PHP, you can create
several pools using different user/group pairs.
You could use 644 (or 640) permissions with user = PHP user on a specific
directory and group = Web server group with read-only permissions.
Raw idea of the big picture, There must be some details to check (such as
verify PHP isolation/jail/chroot inside pools).
My (quick) 2 cents,
---
*B. R.*
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx