To lock down the permissions on your WordPress install, from inside the WordPress site directory, run the below commands.
chown -R root:root .
chown -R nginx:nginx wp-content wp-admin/update.php wp-admin/update-core.php
Note, the above command assumes you are running under Nginx, if you are under Apache, please run the 2nd command replacing nginx with apache
The above command will change all the files in your WordPress root to the ROOT user, then change only the needed files back to user your web server is running as. This will allow you to update themes & plugins, and will also let you upload images, but you will not be able to update WordPress without changing the owner/group back to nginx on your WordPress root.
Running a secure git repository on FreeNAS is pretty straight forward, once you understand what your trying to do. If you have looked over my previous post “Creating a secure Git repository server” you understand that all you really need to do is connect to the git repository via ssh/ssl and copy back what you need. The hardest part of using FreeNAS is creating the keys.
To start out, you need to create a user account on the FreeNAS system. This will be a generic account that everyone who has write access will use. You may also create a account for each person, and grant each of them access to the central repository.
After you have your account, follow my post on “Enable SSH Key Authorization on FreeNAS” to copy over the SSL key and setup the account. Once you are able to log in as your FreeNAS git user, you may follow my previous post “Creating a secure Git repository server” to setup the git repository.