Prestashop 1,7 security
This is my first time when I need to administer webstore server and I have a question. CMS that I use is Prestashop 1,7, OS Debian 9 and Apache webserver. Owner of the site folder and all subfolders is system user and the group is www-data. I run it on my VPS with full root access. Everything works perfect, but I have one security thought. For some folders (especially cache folders) Prestashop wants full rights: read, write and execute. It looks a bit risky for me - in case of any exploit, attacker can upload and execute scripts on my server. When I try to give folders only read and write rights, CMS doesn't work - it causes HTTP 500 error or generates blank pages. Is it normal that Prestashop needs all rights to some folders or is it my mistake in configuration?
I can add that I use Apparmor, but still I would prefer to not give webserver full rights to the folders.