I have Magento 2.3.4 installed on a test server with Ubuntu 18.04 + nginx + php7.2. The website displays fine, until I run cli commands (e.g. setup:upgrade, setup:di:compile) that result in newly generated files. After running commands, the website (frontend + admin) are white screen. For some reason, the permissions for the generated and var directories are being reset, and new files are given incorrect permissions. I can fix the permissions, and the website displays fine. Until running commands again, and permissions again reset. I don't understand why the permissions won't stick.

Permissions:
I've run the following commands to set permissions, from my parent magento2 directory (my path = var/www/magento2):

find . -type f -exec chmod 664 {} \;
find . -type d -exec chmod 775 {} \;
find var generated vendor pub/static pub/media app/etc -type f -exec chmod g+w {} +
find var generated vendor pub/static pub/media app/etc -type d -exec chmod g+ws {} +
chown -R www-data:www-data .
chmod u+x bin/magento

Permissions prior to running commands (e.g. inside the generated directory):

drwxrwsr-x 4 www-data www-data 4096 May 11 09:29 .
drwxrwsr-x 17 www-data www-data 4096 Apr 17 15:31 ..
drwxrwsr-x 20 www-data www-data 4096 May 11 09:28 code
-rw-rw-r-- 1 www-data www-data 126 Mar 9 16:23 .htaccess
drwxrwsr-x 2 www-data www-data 4096 May 11 09:29 metadata

Permissions after running commands:

drwxrwsr-x 4 www-data www-data 4096 May 11 11:00 .
drwxrwsr-x 17 www-data www-data 4096 Apr 17 15:31 ..
drwxr-sr-x 20 root www-data 4096 May 11 10:59 code
-rw-rw-r-- 1 www-data www-data 126 Mar 9 16:23 .htaccess
drwxr-sr-x 2 root www-data 4096 May 11 11:01 metadata

File ownership/group:
This is where I think the issue may be - reason being, I always have to "sudo" my commands (even bin/magento), which is something I don't have to do in any of my other environments.

• I've tried setting it up as instructed by Magento Dev Docs (for two users, since this is our own server).
• Since I'm using nginx rather than apache, also followed Magento Dev Docs nginx instruction.
• I have my user (amanda) who I use to run commands. I've tried adding the user amanda to the www-data group and then assigning the owner:group as amanda:www-data to the magento2 directory. I also adjusted the user/group in the nginx config (nginx.conf) and php config (www.conf), then restarted nginx and php7.2-fpm.
  I've tried changing the owner:group to amanda:amanda (and adjusted nginx/php config, restarted).
• I changed the owner:group to www-data:www-data (and made adjustments). I got the same results with each of the owner:group configurations. The site works fine until commands are ran, then permissions reset.
• I've tried running commands as the www-data user.  Example:

  sudo -u www-data php bin/magento setup:upgrade

Other things I've tried:

• I've tried setting permissions on magento2 directory itself (not just within), and also the parent directory of magento2 (www).
• I've tried updating Ubuntu.
• I've tried logging into the actual desktop of the server, and running the command line from there.
• I've tried turning it off and back on again. And cursing at it. And sighing, a lot.

Things to note:

• I am not interested in setting permissions to 777 - I'd like to keep the setup as close to my production environment as possible.
• I have this same setup (Magento 2.3.4/Ubuntu/nginx/php7.2) on my local machine - it works fine, have not had any permissions issues. Both the site in question and my local were installed with composer from a backup of the production site.