Does anyone have a robust solution for the problem that on Plesk (and both the control panels I've used prior to Plesk), PHP runs as a user (generally apache) which is not part of a site's group. This generally leads to the requirement that any directory where the CMS needs to write files have permissions of 777 - not good for security.

So far I've found a $proprietary plesk add-on called run PHP as user. Seems like a good option but I only have a production server, so trying to install it would be high-risk.

Would making apache a member of the groups psacln or psaserv work? psaserv is the group for all sites above their httpdocs directory, psacln for all files and directories below httpdocs.