This is a key security issue, but unfortunately many of the Joomla site-owners need guidance on this.
First, let's see what you should know:
Joomla is a typical LAMP (Linux/Apache/MySQL/PHP) application, even if runs on many other platforms too. The entire access rights "philosophy" is relying on the native environment's settings.