I had a problem with the PHP fwrite function not writing anything and I figured it was because of rights.
One apache process is run by root and several others by www-data:
$ ps -aux |grep apache
root 21239 0.0 0.3 222104 26524 ? Ss 02:31 0:00 /usr/sbin/apache2 -k start
www-data 21240 0.0 0.1 222316 13736 ? S 02:31 0:00 /usr/sbin/apache2 -k start
...
The web root directory was owned by root:root with no write rights for the group owner (755):
/var/www# ls -l
drwxr-xr-x 9 root root 4096 Feb 29 02:11 html
So I changed the group owner of the root directory to www-data and granted write rights:
/var/www# chown root:www-data html
/var/www# chmod 775 html
/var/www# ls -l
drwxrwxr-x 9 root www-data 4096 Feb 29 02:11 html
Now it worked. My question is if this is a proper and - most important - secure setup.