I covered most of this here: How to diagnose and fix Ownerships and Permission issues. Have a watch of the video cause I animate and break it all down.
Owner: User that the Folder/File belongs to
Group: Group (of users) that you specify access to
Public: Everyone else
Example A (Private file)
You create a file my-amazon-wishlist.txt that contains your Amazon Wishlist. But you don’t want anyone else to see it, then it would look like this. Literally noone can access this file apart from the “craig” (or a superuser).
Permission Owner Group File
-rwx------ craig friends my-amazon-wishlist.txt
(In this scenario, the friends group is irrelevant because there are no rules set)
Example B (Friends can view)
Now you decide that you want any of your friends to be able to view the list:
Permission Owner Group File
-rwxr----- craig friends my-amazon-wishlist.txt
(This is where the friends group comes into play)
Example C (Friends can view and edit)
Now you decide that you want any of your friends to be able to view and edit the list:
Permission Owner Group File
-rwxrw---- craig friends my-amazon-wishlist.txt
Example D (Anyone can now view it)
So, it turns out that your friends aren’t buying you anything off your Amazon Wishlist, so you decide to let anyone be able to view it:
Permission Owner Group File
-rwxrw-r-- craig friends my-amazon-wishlist.txt
Remember PHP
A File Structure where Owner: magento and Group: www-data is ideal. Magento is a PHP Application. Therefore, it requires PHP to be able to access specific Folder/Files. PHP belongs to the www-data Group. This is why the below command works so well when you have to reset everything:
find var generated vendor pub/static pub/media app/etc -type f -exec chmod g+w {} + && find var generated vendor pub/static pub/media app/etc -type d -exec chmod g+ws {} + && chown -R :www-data . && chmod u+x bin/magento
Unless you’ve royally messed something up, there should never be a need to micromanage Owner/Group/Permissions of any of the folder or files.