Quote Originally Posted by elija View Post
When I connect to your web site, I don't access the files on your server directly, the web server does it and it uses the www user (or www-data in some distros).

When you have the permissions set to 750, the web server has full access, read, write and execute to the files. It is generally recommended to only give the www user write access only to the areas it needs and never the web root. Unnecessary write access makes it easier for bad guys to exploit any vulnerabilities in the web site code.
Yes, but 775 is:

7 - owner full access
7 - group users full access
5 - others (web) read / execute. Meaning they can download the file, and scripts can run on them.

Since the web user is not part of the group, the '5' part is the only part that applies to it. So if I change that to 0, it doesn't even have read access. Right?