This is a two part question.
a) What file and directory permissions are the most efficient and secure (in your opinion) on a Linux server with multiple installations of WordPress?
b) How would one implement the above mentioned solution so that one administrator could edit/configure all installations with one account?
www-data:www-data /* chmod 755 */
Would mean that all installations share the same owner. Efficient but insecure since if one WordPress installation gets infected/hacked, they could all be at risk.
site-user:www-data /* chmod 755 */
Would mean that all installations have unique owners. Secure but not so efficient since administrator would have to use different accounts to manage the WordPress sites.
www-data:group-with-site-users /* chmod 775 */
According to my understanding this is as bad as the first solution even if it’s more efficient. It would enable any user to administrate all sites but would also put all sites at risk.
Could anyone give me any pointers in the right direction or share a solution that would solve my problems?