If the local disk storage engine is configured, the webserver may try to read/write from it, and the daemons may also try to read/write from it (primarily to perform garbage collection). If the two users don't both have full access to the files, one of these operations may fail.
Conceptually, the most consistent approach might be to write some bin/local-files-storage-engine read/write <some path>, and have the webserver sudo to that. However, that's messy and heavy and gross.
The daemons could also try to make some sort of call over Conduit, conceivably. This is probably OK from a scalability point of view because the local disk engine is inherently only appropriate at small scale. However, this is blocked by other Conduit work.
Another approach might be to adjust the umask when we write stuff to the local disk engine.
All of these solutions seem fairly bad.