When file permissions are not setup the way it expects, WordPress cannot use the automatic upgrade feature and prompts you for FTP or SFTP credentials to perform any upgrade on a theme, plugin or the core WP files. This happens even when WordPress does have actual write permissions on the files that need to be upgraded.
This is somewhat frustrating and has driven many WordPress system administrators mad, as can be seen in numerous forum posts about this subject around the web.
The real solution to this problem involves not only giving WordPress adequate access to the files it actually needs to upgrade. WordPress also needs the owner of the script that performs the upgrade to be the same as the owner of newly created files. On seriously secured production sites, this is rarely the case, because system administrators often change filesystem-level ownership of the executable files to a different user than the Apache default user, to prevent hacking or hijacking of the site.
To allow automatic plugin install and upgrade to work out, you will however need to revert file ownership of 2 scripts in the WordPress wp-admin directory to be the same user as your default web server daemon:
This can usually be achieved with one of the following two command-line sequences, issued from the root of your WP installation (the first one if you installed Apache with Debian packages, the second one if you compiled it from sources):
sudo chown www-data wp-admin/plugin-install.php sudo chown www-data wp-admin/update.php
sudo chown apache wp-admin/plugin-install.php sudo chown apache wp-admin/update.php
Other than that, WordPress only needs to have write permission and file-creation permission (x) in wp-content/ and in the wp-content/plugins directory. (Depending on your specific setup, this can usually be achieved either by giving group-write permission on files in that directory with chmod -R g+w wp-content/plugins, or again changing ownership of all the files with chown -R www-data wp-content/plugins)