Correct datastore permissions?

I am trying to make sure my server is secure. I have been running this for a month or so as is and am wanting to double/triple check everything before I start adding files that are important.

The server is internet facing. I have it installed on a Rock64 board w/ 4GB RAM, OS is Ubuntu headless on Armbian, OS is on an eMMC card, datastore is on a USB 3.0 HDD.

I found this-
It says, "This should be done immediately after the initial installation and before running the setup."
I am not sure if I did that or not. When I run ls -la / I get:
drwxrwx--- 8 www-data www-data 4096 May 21 01:21 datastore

Are those permissions correct?

Thank you for your help guys!


In NC 9 the recommendations were a bit different and more restrictive. The advantage then was that even the webserver user could not change certain files; however, this is necessary for the automatic update procedure (or you have to change the permissions manually before and after an update).

Awesome. I am willing to change permissions for upgrades. What are the most secure permissions for the /datastore/ folder?
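
The `ls -la /` line in the first post only shows the top-level folder. As an added example (not part of the thread), this script checks the whole tree for the state that line shows: owner and group `www-data`, no permission bits for "other". The function names are hypothetical; `/datastore` and `www-data` are taken from the post.

```python
import grp
import os
import pwd
import stat
import sys


def name_of_uid(uid):
    """User name for uid, or the number as text if it has no passwd entry."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return str(uid)


def name_of_gid(gid):
    """Group name for gid, or the number as text if it has no group entry."""
    try:
        return grp.getgrgid(gid).gr_name
    except KeyError:
        return str(gid)


def audit_tree(root, owner="www-data", group="www-data"):
    """Return (path, problem) pairs for root and everything below it that is
    not owned by owner:group or that grants any permission to 'other'."""
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths.extend(os.path.join(dirpath, n) for n in dirnames + filenames)
    findings = []
    for path in paths:
        st = os.lstat(path)  # lstat: never follow a symlink out of the tree
        if stat.S_ISLNK(st.st_mode):
            continue  # a symlink's own mode bits are not enforced on Linux
        who = f"{name_of_uid(st.st_uid)}:{name_of_gid(st.st_gid)}"
        if who != f"{owner}:{group}":
            findings.append((path, f"owned by {who}"))
        if st.st_mode & stat.S_IRWXO:  # any of r/w/x set for 'other'
            findings.append((path, f"other has access: {stat.filemode(st.st_mode)}"))
    return findings


if __name__ == "__main__":
    # /datastore is the path from the post; run as root to see every entry.
    target = sys.argv[1] if len(sys.argv) > 1 else "/datastore"
    for path, problem in audit_tree(target):
        print(f"{path}: {problem}")
```

An empty result means every file and folder under the path matches the top-level listing; it does not say whether stricter modes would also work for the setup.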