php_admin_flag magic_quotes_gpc on

Bad idea as magic_quotes should never be relied upon when coding scripts. Joomla 1.5.x certainly doesn't require it. magic_quotes will be removed in future versions of PHP so using it would be foolish.

php_admin_flag display_errors on

Displaying errors is fine for a test server but you certainly don't want to display errors on a live server. That only provides more ammo to would-be hackers.

Where you say :

...The “perfect” solution is to identify what paths Joomla and the components you’re using requires write access to and limit it to just those...

What is the "it" referring to? How do you limit it to just those files? How do you determine what paths the Joomla components are using?

Thank you!

The "perfect" solution is to identify what paths Joomla and the components you're using requires write access to and limit it to just those.

Also, rather than adding the "apache" group to psacln, you should instead add it to "psaserv" and change the group ownership for just those paths that are required. Finally, you'll need to modify the Apache init script to change it's umask

Add to /etc/init.d/httpd (or other Apache init script):

umask 002

This will ensure files created by Apache are group writable, which will allow the FTP user to still be able to work on those files.

Here you can see how to setup mod_suphp to work well on a PLESK server for Joomla, Drupal, or any other similar software. Hope this help.

I have not tested, but I think the following problem still remains:
1- Joomla/some other web application creates something on the disk
2- Now the file is owned by apache:apache
3- The dumb Joomla-"coder" comes complaining that he/she can not upload something (FTP) since the FTP process is user:psacln and the file/dir owner is apache:apache still
4- Already completely overworked admin needs to chown/chgrp, again, completely the same as before