Currently the debian package creates symbolic links from /usr/sbin/z-push-admin and z-push-top to their corresponding php files.
This means these PHP scripts will most likely be run as root.
In the past we at 1AFA have seen situations where doing this created problems, because the tools touched files that were afterwards no longer writable by the webserver user. (You could also argue that this is a security risk.)
Therefore in our private build of z-push we have created wrapper scripts that first su'ed to the webserver user and then ran the tools.
Is that something you are interested in to have upstream?