- Each Web user has 2 users: fred and fred_www
- Each web user has one shared group: fred_www
- Website runs as fred_www:fred_www
- Any directories are 750 fred:fred_www
- Any files are 640 fred:fred_www
- Any directories or files that need to be written by the web user have g+w
Anything created by the webserver is chowned from fred_www:fred_www to fred:fred_www g+w to ensure the user can administer it; webserver should still be able to write to the file and delete it if necessary (given g+w on the directory hosting it)