As someone who has provided shared hosting for a number of non-technical users for the past 5 years… I have things set up so that PHP runs as each user, so they naturally have the proper permissions. In that time, I have only encountered this problem once, and that was due to a custom CMS that allowed remote code execution via fopen wrappers.