Thanks for the feedback. I did check with other production sites I run, and most of them are owned by root. I have to test to see "if you want to use the "wordpress" to upload a theme using the site UI", I think you might be forced to have the www-data own and being able to write to theme folder. If you don't you would have to sftp the theme there and unzip it manually.