So, you need to ensure all files can only be deleted by the owner, all
files created in the directory are in the same group as the directory
and, to the best of my knowledge, setuid is meaningless.
Ah, I see that it’s a freebsd machine… setgid is the default
functionality on that OS.
This may work, but a basic understanding of file permissions will
produce a more workable solution. Who runs the web server? That’s who
you need to set access up for.