OK, I think I have this right now Files in /etc/mtree show proper owner:group mode everywhere. Files inside of httpd chroot have same as outside. Added an sftp chroot directory inside of httpd chroot for external user. Thus they can upload and download, but do the work elsewhere. Nologin. Right now, these directories for individual websites have ownership of root:daemon, is that correct?
Thanks, Chris Bennett