oneofthejohns what i asked is to which exact files user needs write/read access to
Well, as you might have found out by now it needs access to various places. There will be lock directories be temporarily created in data/lock
, there will be a meta file written in data/meta
, there might be an attic file be created in data/attic
, there will be logfiles written in data/meta
, in some cases caches might be created in data/cache
. And of course the page it self is written on data/pages
.
But not only will your CLI user need access, you also need to ensure that those files are created in a way that your web PHP process can later read and write them.
So again: a proper umask and maybe sticky bit setup on the whole data dir is probably the best approach.