CDNWiki - View Source: CyberLeo/WebPrivSep

* Each Web user has 2 users: fred and fred_www
* Each web user has one shared group: fred_www
* Website runs as fred_www:fred_www
* Any directories are 750 fred:fred_www
* Any files are 640 fred:fred_www
* Any directories or files that need to be written by the web user have g+w

Anything created by the webserver is chowned from fred_www:fred_www to fred:fred_www g+w to ensure the user can administer it; webserver should still be able to write to the file and delete it if necessary (given g+w on the directory hosting it)