I'm trying to reconcile the advice I see on here with what I see recommended on this site:
The advice at the link above states that "the user is the linux system user that the process runs under. The code of your website is run as only one user - it may be the user of your webserver (which isn't really a good thing), or it may be a user specific to your site (which is much better)."
It goes on to say, "A good setup will have your server run as one user (let's call this user 'webserver') and your dynamic scripting language run (e.g. via FastCGI) as its own user (one user per site - let's call our first user 'site1')."
'site1' would be the name for the first site established with corresponding names for each successive site (site2, site3,...).
This is recommended to properly control access, with the webserver (e.g. Apache2 as 'www-data') grouped with site1 to provide the necessary access. This logic makes sense to me but appears to be in conflict with your recommendations. Is there a straightforward reason why the webserver should be made owner instead?