Support

1. The correct permissions for that folder are 0755: owner user has full privileges, owner group and everyone else can only list the contents and read files from it. Anything else would make it impossible for your web server to deliver the file to the browser, triggering the warning in Akeeba Backup (that's exactly why it's displayed, because the Javascript that suppresses it cannot be loaded!).

2. These are also the default permissions for Admin Tools' fix permissions feature: 0755 for folders, 0644 for files. So it sounds like you changed something, breaking your site. Revert to the default permissions settings, save them and run the Fix permissions feature again.

3. This is a matter of how your web server and the underlying operating system works. Your web server is set up to run under a global user such as nobody or www-data for all sites hosted on that machine. However, each site runs inside an account owned by a different user. This creates a disparity between who owns the files and who accesses them through PHP. If you do not use the FTP layer, PHP -which runs inside your web server- is not the owner of some of the files on your site and as a result it's forbidden from changing their permissions.

For security reasons we VERY STRONGLY advise to NOT use this kind of software setup. It is DANGEROUS and it WILL lead to your sites getting hacked. It's 2018. For more than ten years it's been trivial to have each site run under its own user using a variety of method, ranging from suPHP (back in the olden days) to FastCGI (modern method) to virtualization (non-trivial). In all of these cases the owner of the file and the user the site runs under is the same, allowing the server administrator to apply proper account isolation. This means that should site A get compromised, site B is safe because site A cannot write into its files and the folder permissions on both sites prevent site A from even reading site B's files. This cannot be done when the web server runs under a global user.

As a result, the proper course of action is fixing your hosting to use per-site users and account isolation. Everything else is a temporary workaround.