I've been very confused as to how to set permissions and user/groups for my sites. It is particularly one of my weakest suits

My curent problem is that I often find myself running into a situation where if i view a particular page, it won't have permissions to write to cache or logs. At this point I'll set the ownership towards apache. Then, in other cases, if i try to run internal scripts, for example, I can't write to these cache/log files because i set them for apache.

Currently, my symfony2 files are all registered to me as a part of staff (Handonam:Staff). I've seen various people creating groups such as www-data, apache, etc, and using users such as theirselves (e.g. Handonam) or www as a part of those groups.

So my question is: For symfony2 and other web projects, what's generally the best setup for user/group setup so that both apache and myself can interact with these files, while maintaining decent security?