Thanks for reporting this. Nick sent me a private message and got me thinking as to what may have caused this. Well, this is a long term problem and we are supposed to have a workaround for it. Basically, /var/www/html is owned by the upstream httpd package and it will ALWAYS set the permissions back to root:root. Not a big issue except for the reasons you specify. As a workaround (not the best way but it works) we run a script nightly that is supposed to reset the permissions. We record what they are supposed to be in /etc/clearos/flexshare.conf and then run this script, nightly:
Ah...but it doesn't work right. I've validated this on 7.5 and it doesn't work there either. So this is a bug. I've reported it here:
You shouldn't have any issues with it until the next time that upstream updates the httpd package or if we can get the bug fixed first. That being said, the bug fix I'm proposing will require that you change a control here once in place.
Thanks for reporting this. If anyone wants to try and fix it in the community, feel free to send us a merge request.