Access restrictions to /mnt/archive

According to the manual the recommended access restrictions to /mnt/archive are as follows:

sudo chmod -R a+wrx /mnt/archive /mnt/upload

(page 33, manual v 2.0)

There are also plenty of other places where it is specifically recommended to have a 777 permission.
This is a bit of a security nightmare.

Are there any suggestions on how we can restrict this? Maybe place all probable users under a group and change the group ownership of the folders?

Apart from apache, sen2agri-services who else needs access to the folders?