Omeka security, file permissions and good practises

Hi, i got some questions about Omeka security. Does Omeka have any security guide or good practises?
What are proper permissions for files ? Instruction says its 775 or 755 - for me its quite dangerous (specially xx5).
What about php fpm for omeka?
How can i translate other buttond/words to other language with .mo files ?

It’s probably best to make separate threads when you’ve got several unrelated questions. Regardless:

The proper/necessary permissions for files really differ based on your server setup… the documentation tries to just provide some simple broadly-applicable choices rather than getting too in the weeds.

In general, the bulk of the files need only be readable by the PHP process. Only the “files” folder and subfolders additionally require write access. Some servers execute PHP as a different user for every project or server user: in those cases you don’t need to grant any access whatsoever to other users. Typically in a well-administered sever there’s some commonality either in user or group between the “actual” user and the web server or PHP user. It’s only when there is no such commonality that things like granting permissions on the last digit of the mode become necessary.

PHP-FPM works fine with Omeka.

I’m not sure what your question about translation is really asking.