However, if your notes above are wrong and user1 is uploading with dreamweaver (664) and user2 is uploading with fugu (644) then it likely is the umask.
What's really strange is that if user2 uploads with Dreamweaver the permissions are set to 664. With Fugu it's 644.
Having the directory set to allow group writing and the sgid bit set is VERY insecure. Apache knows that and refuses to use insecure settings. You should reset the directory back to the proper permissions.
Thank goodness it's a development server then! :) However, I still want it to be secure and agree with you that the sgid bit needs to be set right. The problem is what are the proper permissions that need to be set (I'm sort of a n00b when it comes to file permissions obviously)
thanks! jay
