• Each Web user has 2 users: fred and fred_www
  • Each web user has one shared group: fred_www
  • Website runs as fred_www:fred_www
  • Any directories are 750 fred:fred_www
  • Any files are 640 fred:fred_www
  • Any directories or files that need to be written by the web user have g+w

Anything created by the webserver is chowned from fred_www:fred_www to fred:fred_www g+w to ensure the user can administer it; webserver should still be able to write to the file and delete it if necessary (given g+w on the directory hosting it)