How can we restrict dynamically nginx upload/download speed per user?
Yes, you can rate limit on a specific location.
location /something/ {
set $limit_rate 4k;
}
You can also surround the limite_rate with statements like if as well to dynamically control the rates. See this link for further details on limite rate: http://wiki.nginx.org/NginxHttpCoreModule#limit_rate
There is another module you should be mindful of: http://wiki.nginx.org/NginxHttpLimitZoneModule
That module allows you to set limits of connection count. So, even if you set a low limit, if they can just make 10 connections, your limit is rather meaningless.
I suggest you have private and public users get different links so that nginx can easily distinguish between the types of users and verify in your application layer for security.