_www user and security

I’ve searched through countless webpages, discussion boards etc.

I have been having a problem for years with not fully understanding unix permissions in general and especially with regards to wordpress. All this time I have not been able to use the Admin panel to update wordpress, install themes, or install plugins for wordpress. I finally understand permissions much more, and the default permissions for wordpress. Long story short the quickest thing on my system to do is change the owner of wp-admin folder to the _www user (this is not a shared host) and everything works. However I have been looking for a definitive answer on if doing so creates a security risk. Can someone help me out with this?