That realy depends on how you do it.
Since youre not giving the group www-data write access, any php-injections and so on can not harm the system. Only "user"(in my example) has writing permisions.
We usualy dont give clients shell access - but if we would they would not be a part of the www-data group, so even if they would get out of the root-jail they would not acces the sites controled by "user". A normal ipsconfig account could coexist with such webmaster-controled accounts - and in fact the ownership can be reverted even if it has never been requested.
Of course is the webmasteraccount ("user") a weak point - I admit that. But the alternative is using the root account a lot - and that is even worse - and with proper security routines that should not be a problem.
The permisions updates - I don't find them. I guess they are under "system > server config> my.server -> Webb" - but I dont find such variable.
Last edited by tuxfan; 16th September 2012 at 18:46.