Right now Drupal is unusable with filesystem (POSIX) ACLs. It's been broken for years. This was previously #944582: ./sites/default/files directory permission check is incorrect during install AND status report and #1333390: file_prepare_directory() / is_writable() on Linux don't support ACLs which are/were doomed to failure.
Guidelines to reproduce:
- build a clean Drupal 8 development environment
- In sites/default,
- chown -R nobody files
- chmod -R 700 files
- setfacl -R -m user:apache:rwx files/
- setfacl -Rd -m user:apache:rwx files/
- Install Drupal 8
- Add a new Article (uploading an image should fail).
- change apache in step 2. for the username of your httpd server.
- step 4. needs to be confirmed or an alternative method proposed.