So my set-up is as follows:
Apache runs as www-data:www-data
PHP runs as www-data:www-data
FTP users are username:www-data, so the files they create/change are user:www-data
From what I can tell, most things run fine because they are all in group www-data, and default permissions are rw-rw-r--, so the group www-data can read/write anything in my var/www directory.
I can edit theme files from within WordPress, but I can't upload media files (no temp directory) and I can't update plugins (asks for FTP).
define('FS_METHOD', 'direct'); in the config fixes the plugin update issue, but not the media uploading issue. I also would prefer not to edit the config file. If it works on other hosts without adding this to config, there should be a way to make it work on my server.
Mainly I'm asking for a way to fix it without changing WordPress. Maybe I'm thinking about the permissions the wrong way? My requirements for permissions are as follows:
FTP users upload to the server
Apache and PHP have permissions for those files
The main problem was I can't have everyone log into FTP as www-data, so I set all users' groups to www-data.
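
To check a tree against the permission model described in the post (everything in group www-data, files rw-rw-r--, nothing writable by "other"), here is an added example that is not part of the original post. The function name `audit_webroot` and the reason labels it prints are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a web root against the model stated in the post.
# audit_webroot ROOT [GROUP]
#   Prints "<reason> <path>" for every entry that breaks the model and
#   returns 1 if anything was printed, 0 if the tree is clean.
audit_webroot() {
    root=$1
    grp=${2:-www-data}   # shared group named in the post; override elsewhere
    out=$(
        # Entries that are not in the shared web group at all.
        find "$root" ! -group "$grp" \
            -exec printf 'wrong-group %s\n' {} \;
        # Files the group cannot both read and write (PHP cannot modify them).
        find "$root" -type f ! -perm -060 \
            -exec printf 'file-not-group-rw %s\n' {} \;
        # Directories the group cannot list, enter and create files in.
        find "$root" -type d ! -perm -070 \
            -exec printf 'dir-not-group-rwx %s\n' {} \;
        # Anything writable by "other": wider than rw-rw-r-- permits.
        find "$root" ! -type l -perm -002 \
            -exec printf 'world-writable %s\n' {} \;
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}
```

Run it as `audit_webroot /var/www` after an FTP upload; a file that lands as rw-r--r-- shows up as `file-not-group-rw`, which points at the FTP server's umask rather than at the application.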