I have a PHP script that creates directories (and files) according to user input and from a user root directory.
These users belong to a small group of about 20 (let's call these "main users")

The main users need to allow other users (selected by each main user) to write files to these directories by way of HTML textarea.

Main user needs to create a group for each directory created and add to it users that are accepted, there is a need to do this without "root" intervention (through scripts) and to make the files written to these directories RO after they have been written.

It looks like ACL could be the solution but it's only executable by root as I understand.

What could the options be?

Thank you for your help.

Since it is the script that needs the permission you can give the web server permission on sudoers (but then ensure that your authentication is good!)

I had never used this, it looks like it's what I need. Thank you.

I can't get it to work.
I have run visudo and the /etc/sudoers file has these 2 lines:
root ALL=(ALL) ALL
www-data ALL=(ALL) ALL
(Apache2 runs as www-data:www-data)

I added these 2 lines in the php script and tried some other variations that didn't work.
exec('sudo chown($name,chair)');
exec('sudo chgrp($name,meetings)');
What's the correct way of doing this?
Thank you for the assistance.

It's been a while since I did something like this but I think that you also need to add the NOPASSWD tag, so that you have something like the following in your sudoers file:

www-data ALL = NOPASSWD: useradd, groupadd

you may wish to add more commands, and you may need to add the full path.

for the paranoid:

do be aware that this solution will mean a vulnerable or malicious php or cgi script can probably root your machine; even if you restrict its sudo privileges to the commands useradd and groupadd, it's hard to say that those commands have no dangerous combination of arguments (e.g., can useradd add a user with uid 0?)