2) And if I make the FTP (login) account an alias for www-data, it's going to have access to everything the web server process does, and that's too much access. I would perhaps need to prevent shell logins for that account and lock down the FTP server so it doesn't permit access to anything except the user's home directory, and hope that the FTP server's security is solid enough to truly lock it down to that directory.
4) On UNIX, you can make folders writable by a group, but the default behaviour is that new files in that folder don't inherit those permissions. Many issues would be solved if there was an "inherit" chmod flag one could set on a folder in order to make its children inherit its group permissions and GID.
@thor there's the "sticky bit" for that (although I'm not sure if permissions are kept or if only group is "sticky")
3) This would be a lot easier if UNIX and derivatives let you have folders where a given group of users can manipulate a specific folder and all its children, and any file or directory placed in that folder would inherit the permissions of the parent folder. That sort of thing is only possible to rig with Windows-type ACLs as far as I know.
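The group-inheritance behaviour discussed in this thread, as an added example that is not part of any of the original comments: on Linux, the setgid bit on a directory (`chmod g+s`, the leading `2` in `2775`) makes new files take the directory's group and new subdirectories carry the bit forward, while group write on new files still depends on the creator's umask. The function names and the temporary paths are constructed for this illustration.

```shell
#!/bin/sh
# Added example (constructed paths only): a shared, group-writable directory.
# The setgid bit on the directory supplies the group; the creator's umask
# still decides whether new files end up group-writable.

group_of() { ls -ldn "$1" | awk '{print $4}'; }   # numeric GID of a path

group_writable() {                                 # 6th mode character is group "w"
    case $(ls -ld "$1") in ?????w*) return 0 ;; esac
    return 1
}

# shared_report UMASK: build a setgid directory, create a file and a
# subdirectory under the given umask, and print what was inherited.
shared_report() {
    base=$(mktemp -d) || return 1
    shared=$base/shared
    mkdir "$shared" && chmod 2775 "$shared"        # rwxrwsr-x
    (
        umask "$1"                                 # applies only inside this subshell
        : > "$shared/upload.txt"
        mkdir "$shared/sub"
    )
    sg=no; grp=no; gw=no
    [ -g "$shared/sub" ] && sg=yes                 # subdirectory kept the setgid bit
    [ "$(group_of "$shared/upload.txt")" = "$(group_of "$shared")" ] && grp=yes
    group_writable "$shared/upload.txt" && gw=yes
    rm -rf "$base"
    echo "subdir_setgid=$sg file_group=$grp file_group_writable=$gw"
}

shared_report 002    # uploader with a group-friendly umask
shared_report 022    # common default umask: group is inherited, group write is not
```

With a umask of 022 the file still lands in the directory's group but is not group-writable, which is the gap that per-directory default ACLs (`setfacl -d`, where the filesystem supports POSIX ACLs) are meant to close.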