nginx – Permissions for static website files

The question is about best practices, not an exact problem.

What is correct ownership and permissions for static website files and directories?
I’m going to use root:<server-group> with permissions 640 for files and 750 for directories. So the server can read everything because of group permissions, but the regular user can’t modify the files accidentally or on purpose without explicitly using sudo.

Or maybe there is a better practice I’m unaware of? My approach looks a little overcomplicated.