Question about web/ folder permissions
 

I have a problem with self installing php software: generally, PHP runs under the www-data user, but the files uploaded by users are owned by webN.clientN, and writing/directory creation is not enabled for others, so the self-installing scripts (that create files and folders) fail... unless I manually chmod 777 to the web folder, which stinks from far away as a security hole.

Is there a way to setup ISPConfig to:
- have the correct permissions in place so www-data can write/create folders without root intervention
- at the same time not expose the files to all other users on the system?

You selected the wrong way of php integration in the site settings. You have to select suphp or php-fcgi + suexec when the php scripts shall be executed under the permissions of the website owner.

Thanks for the insight.

Problem is, many of my hosted applications are not compatible with fcgi, therefore I have to use mod_php.

1. Is SuExec compatible with mod_php?
2. Does the SuPHP option work out of the box (only by selecting it) or do I have to install/configure software?
3. Is SuPHP secure by itself, or do I have to turn on SuExec as well?
4. Is there a way to easily modify these existing sites or I can only select PHP mode when creating a new site?

mod_php has nothing to do with suExec.

If you set up your server according to our tutorials, then yes. :)
Yes.
No.
Yes, you can switch the PHP modes easily in ISPConfig.