If you need to allow just one single user to access just one single directory, you are better off with using Posix ACLS (NOT regular owner, group and perms - that almost never works out right for www data)
Depends. On a multi-user server I maintain, where every user has a ~/public_html/ directory, I let apache run PHP scrips with suphp (www-apache/mod_suphp) so that files are not written with "www-data" or "apache" permissions, but fully belong to the users, like every other file they own. This means there's no need for ACLs or any other kind of permission setup.
