Wordpress/User Permission Best Practice

Hi there,

I've followed the Linode setup guides and got domains/virtual hosts setup for a couple of sites. For one site however I am trying to use Wordpress, but I am having issues with uploading themes/using the editor. As I understand this is due to file access permissions, and on this forum and others I haven't found a definitive answer as to which is the best/most secure way of doing this (some suggest simply using chmod 777, doesn't seem sensible!).

Firstly I currently have all websites owned by the same user (the one setup in the Linode guide, it has sudo access). Is this a bad idea? Should I create another user which only owns the website folders, without sudo?

Also how should I go about allowing Wordpress to upload files/use the editor? I have read http://codex.wordpress.org/ChangingFilePermissions specifically the parts about chmod and the required permissions for the editor, but I'm confused about the user permission structure in general, especially groups and how wordpress uses this.

I am running a LAMP stack on Ubuntu.

Any help is greatly appreciated!

EDIT: I found this guide for an alternative host. http://articles.slicehost.com/2007/9/18 … ermissions">http://articles.slicehost.com/2007/9/18/apache-virtual-hosts-permissions

Would following this method be suitable? I.e. add the user to the www-data group, and then give all folders which need editing 770 permissions? Are there any security issues with this/should I still not use the sudo user for this?