In the installation notes it states that the file permissions for the following files and folders need to be set up a certain way:
chmod 666 config.local.php
chmod -R 777 images
chmod -R 777 skins
chmod -R 777 var
Can we change this to something more secure? This leaves a security hole open. A hacker could upload their own scripts and cause all kinds of problems. What are other users using for file permissions?
Yes, but depends on your hosting environment. Those settings yield the least number of support calls!
You can use 660 fo config.local.php, 644 for all other files and 755 for most all directories if you are running suPHP or fastCGI. If you are running in the old Apache mode then you will need your directories to be 775 and files set to 664.
Work with your host and tell them that everything in your store needs to be able to be written but a running PHP process in the store.