So, the typical situation is like this: the webserver (in this case nginx) works under the www-data user.
And then there is also the 'konrad' user, which is just an ordinary user.
And now, the whole website (/var/www/html/cool-site) has the owner: konrad, and group: www-data.
Files are mostly 750.
And that is fine (I guess). But... now I have a situation where another user comes in. Let's call him 'mike'. And now, what I want to achieve is that he wants to be able to modify files owned by me, and I want to be able to modify files owned by him.
Or, better yet - I, as an admin, would like to decide, for every directory(?), file(?), that only I (konrad) or only he (mike) or both of us can make the changes.
Obviously, we both should have the right to view the files and browse the directories.
What I was thinking about is this: create yet another group, like 'common'. Add 'www-data' user to this group. Add both of us (konrad and mike) to this group. And whenever I (or mike) decide that we both should have write access to this dir/file, we would chown it to this group, and the permissions would allow writing there. Then I realized that in this scenario, www-data would have write access to these directories/files.
So I'm stuck. I believe there is a solution, but I can't think of anything :)
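The access problem described in the post, modeled as an added example that is not part of the original post: it applies the classic owner/group/other check to the current layout (konrad:www-data, 750) and to the proposed 'common' group layout. The per-user primary groups and the mode 770 on shared entries are assumptions; root and ACLs are ignored.

```python
from dataclasses import dataclass

W = 2  # write bit inside one rwx triplet


@dataclass(frozen=True)
class Entry:
    owner: str
    group: str
    mode: int  # classic permission bits, e.g. 0o750


def allowed_bits(user, groups_of, entry):
    """Return the rwx triplet that applies to `user` (root and ACLs ignored).

    Exactly one class is used: owner, otherwise group, otherwise other.
    """
    if user == entry.owner:
        return (entry.mode >> 6) & 7
    if entry.group in groups_of[user]:
        return (entry.mode >> 3) & 7
    return entry.mode & 7


def writers(groups_of, entry):
    """Users whose selected triplet includes the write bit."""
    return sorted(u for u in groups_of if allowed_bits(u, groups_of, entry) & W)


# Layout described in the post: owner konrad, group www-data, mode 750.
# Per-user primary groups are constructed for the example.
CURRENT_GROUPS = {"konrad": {"konrad"}, "mike": {"mike"}, "www-data": {"www-data"}}
CURRENT = Entry("konrad", "www-data", 0o750)

# Proposed layout: everyone joins 'common'; mode 770 is an assumption.
PROPOSED_GROUPS = {u: g | {"common"} for u, g in CURRENT_GROUPS.items()}
SHARED = Entry("konrad", "common", 0o770)

if __name__ == "__main__":
    for label, groups, entry in (("current", CURRENT_GROUPS, CURRENT),
                                 ("proposed", PROPOSED_GROUPS, SHARED)):
        print(label, oct(entry.mode), "writers:", writers(groups, entry))
```

In the current layout mike falls into the "other" class and gets no access at all, while in the proposed layout the single group triplet cannot tell mike and www-data apart, so both receive write.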