Welcome to Habari!
We'll try to make the wiki clearer on this point. Some of the
directions haven't been updated in a while, and when those were first
written, the SQLite db was placed in Habari's root. The location was
later moved to the /user subdirectory to further separate user files
from core files. In the same way, if you are running Habari in
multisite mode, the SQLite db is placed in the appropriate /user/sites
subdirectory, as is the mulitsite's config.php file. At some point,
the main site's config.php will probably be put in /user, also, rather
than Habari's root. A benefit of putting the SQLite file in /user is
that, after installation, you can make Habari's root and /system
directories read only. The directory were the db is has to remain
writable, as PHP needs to be able to create journal files in the
directory.
You're probably right about your applying the 777 only to the top
level of Habari's directory structure.
Who the webserver runs as (at least in the case of Apache), and more
specifically who PHP runs as, depends on how PHP is set up on your
server. If PHP is being run as an Apache module, it is running with
the same permissions as Apache, which will usually be different from
yours.If it is running as a CGI process, it is usually running with
the same permissions you have. As such, if you create a directory, for
example, by installing Habari, you are the director's owner. When PHP
tries to write to that directory, whether it can do so or not depends
on whether PHP is running as you or someone else. From the sounds of
it, PHP is running as and Apache module on your server.
Rick