Hi All, On one of my SuSe 9.0 Box, I've a distance learning platform based on php and MySQL. The web designers have ftp access to its folder (unfortunately they never use ssh) and I gave them access creating virtual users (I'm using proftpd). The permissions on this folder are the following (1001 and 1001 are my respective virtual user and virtual proftp group): drwxrwxr-x 6 1001 1001 4096 Jul 14 19:43 platform This platform allows the upload of files from the web. The problem is that when a file is uploaded, it takes the permissions of the apache owner, like the following: drwxrwxrwx 2 1001 1001 4096 Jul 15 14:30 . drwxrwxrwx 3 1001 1001 4096 Jul 12 19:16 .. -rw-r--r-- 1 wwwrun www 19456 Jul 15 14:29 prova.doc Which means that my ftp users are not able to work on those files. Also, to allow the upload of files, for the time being I gave write access to "the world" for this upload folder Any advice or security best practice regarding this problem would be appreciated Have a nice day Gael