By proper use of directory ownership and group protections, it is possible to restrict the accessibility to a single group. This mechanism is demonstrated at
https://www.cs.rutgers.edu/demo/Users with access to the directory can see that they are accessible only by the corresponding groups.
The need for the path to the files to be publicly readable is avoided in this demonstration by making the directory of files owned by the user under which the http server runs. The users who need to be able to maintain the web pages get access to the protected directory via group access. If the directory is then protected 770, the world (that is, local users other than those in the specific group) cannot read those files locally. Since this requires privs to do, send an email to help on the machine on which you need the directory ownership changed (and reference this page so your request makes sense).