If you are going to store private information, there is a lot more to it. Are you going to accept CC? Are you going to store it? Does the gateway requires the data to be passed through from your website?
Then you need to be PCI-DSS compliant. And if you don't want to pay for a licensed panel which certainly help you a lot in the management, I'm not sure if you should build that website...
File permissions depends on which PHP handler you are using (if you are using PHP). However, if only one website is being hosted on the server, it doesn't matter too much. As I understand it, file permissions are for security against other users on the same computer vs the rest of the internet.
Also, I would recommend using a control panel even if you are able to set everything up manually. It just makes things easier. And takes care of some of these questions for you. You don't have to use cpanel, I've had good experience with Virtualmin/webmin, once I got the hang of it.