There are two separate issues. The first thing is the permissions at file system level in the system where the server is running.
A server (let's say apache) runs usually with a given userid. So, the permissions at file system level (those that you set with chmod) are only relevant for the apache user. If the user "apache" has +r on a given file, it will be able to serve. If the user "apache" has +w permissions on a file, it will be able to write into it. If the user "apache" has +x on a dir, it will be able to read and serve the contents of that dir (provided that the files inside that dir are readable as well.
However, how these permissions are handled by your served and presented to the world outside of the server is a completely different matter. The permissions at file system level are hard-requirements so apache can handle the files if needed. But then the scripts, interfaces, the server config and other stuff is what will decide if a given user, ip or whatever has the right to write on a given resource.