I’m the server admnistrator.
I think I know what’s happen. I copied the files as SU, and after I used the chown command …
I think that if I upload the files via FTP our make SU “Site Owner”, this problem don’t happen.
Not accurately as it depends how your server is configured, whether it uses CGI or not etc.
But broadly speaking everything should simply have full public (global) Read access not Write. Only one folder “/data” needs to have Write access. That is explained in http://wiki.webtrees.net/en/Security