Sigurd: I understand we should be giving write access to the webserver not all users. I read the details on the install successful page.
But for instance sake - imagine a user downloaded SilverStripe, he/she wants to upload it onto a webserver. The only access he/she has is via FTP, when he/she uploads everything into the hosting account, the default owner is the FTP user - not the webserver. The only way to give write access then to the webserver is to give write access to everyone.
Am I right or have I missed something out?
Also - I believe the only way to make sure the owner of the file in a Linux/Apache environment when assuming that the user will not have any other means to set file permissions other than FTP - is to create the file/directory using a php script.
Regards