Just sharing mine ... to each their own ...
Think the behavior of mysqldump is to lock tables as they are dumped.
Code doesn't change until you do git pull and apply.
Yep ... user/group would be different on Ubuntu (other Linux) ... mine is CentOS 7. And also different between shared hosting and a VPS.
Have the up bash shell in code root ... only reason for that is shorter paths to cli scripts. There's also difference in hosting for path to php-cli I've discovered and on some systems actually have to use an alias in .bashrc for the root user to assure the script php blah commands find the correct php-cli version on systems that have things like EasyApache.
the only user that can see/exeute/edit up is root.
Anyone attempting remote browser pointed right at it wouldn't be able to see.
There's multiple ways of doing ... pick your poison!