I'm a bit surprised your tool had access issues when it was running as root. Your solution may work initially, but I expect you'll see problems in the long run because of the way nginx workers interact with these files.
I can do some testing and try to come up with a better solution, but I don't imagine root:adm will be a workable solution.
