fix back-end server permissions

[tbbooher]

we have way too much privilege in our current configuration

[dimofte]

Do you mean users' access to the database? Indeed, the development packages insecure and autopublish should be removed and proper publish and server methods should be used instead. Note that keeping them for a while would speed up changes in features. So I suggest to do this later in the development stage

[tbbooher]

got it -- but in due time. my first concern is in the ubuntu server. there are too many processes running as root which need to be run by less privileged users.