diff --git a/filemin/acl_security.pl b/filemin/acl_security.pl
index f3faaa124..7272af7e2 100644
--- a/filemin/acl_security.pl
+++ b/filemin/acl_security.pl
@@ -23,7 +23,10 @@ sub acl_security_form {
 [ [ 0, $text{'acl_root'} ],
 [ 1, $text{'acl_same'} ],
 [ 2, $text{'acl_user'},
- ui_user_textbox("acl_user", $access->{'work_as_user'}) ] ]),
+ ui_user_textbox("acl_user", $access->{'work_as_user'})." ".
+ &ui_checkbox("acl_user_strict", 1, $text{'acl_user_strict'}.
+ &ui_help($text{'acl_user_strict_desc'}),
+ $access->{'work_as_user_strict'}) ] ]),
 3);
 # Upload max
@@ -57,6 +60,7 @@ sub acl_security_save {
 defined(getpwnam($in->{'acl_user'})) || &error($text{'acl_euser'});
 $access->{'work_as_root'} = 0;
 $access->{'work_as_user'} = $in->{'acl_user'};
+ $access->{'work_as_user_strict'} = $in->{'acl_user_strict'};
 }
 $access->{'max'} = $in->{'max_def'} ? undef : $in{'max'};
 }
diff --git a/filemin/filemin-lib.pl b/filemin/filemin-lib.pl
index 2bf37d87c..2fa09e5c1 100644
--- a/filemin/filemin-lib.pl
+++ b/filemin/filemin-lib.pl
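Review bot: The checkbox added to acl_security_form is labelled and explained through `acl_user_strict` / `acl_user_strict_desc` as an ownership check, but the enforcement this option turns on (can_write in filemin/filemin-lib.pl, same commit) tests `-w`, which is write permission for the effective user, not ownership. An administrator relying on the help text would expect a group- or world-writable file owned by someone else to be protected, and with `-w` it is not. Either the wording should describe a write-permission check, or the check should compare the file's owner. acl_security_form continues outside this hunk.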
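Review bot: In acl_security_save, `work_as_user_strict` is assigned only inside the specific-user branch and is stored as the raw form value. If the other branches (outside this hunk) do not clear it, an ACL later switched to a different mode keeps a stale flag that can_write still reads, and an unticked box stores undef rather than an explicit 0. I would write `$access->{'work_as_user_strict'} = $in->{'acl_user_strict'} ? 1 : 0;` here and reset the key in the branches that reset `work_as_user`.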
@@ -41,20 +41,29 @@ sub get_selinux_command {
 sub can_write {
 my ($file) = @_;
+ # No restrictions for root
 if (&webmin_user_is_admin()) {
 return 1;
 }
- # Check if the file is a symbolic link
- if (-l $file) {
- # Resolve symbolic link
- my $resolved_file = readlink($file);
- # If the link is broken, allow writing to the link itself
- return -w $file if (!$resolved_file);
- # Otherwise, check the resolved file
- $file = $resolved_file;
+ # If strict check is enabled or if safe user check for write
+ # access explicitly
+ if ($access{'work_as_user_strict'} || $access{'_safe'}) {
+ # Check if the file is a symbolic link
+ if (-l $file) {
+ # Resolve symbolic link
+ my $resolved_file = readlink($file);
+ # If the link is broken, allow writing to the link itself
+ return -w $file if (!$resolved_file);
+ # Otherwise, check the resolved file
+ $file = $resolved_file;
+ }
+ # Check if the file itself is writable
+ return -w $file;
+ }
+ # Otherwise, allow writing depending on Unix permissions
+ else {
+ return 1;
 }
- # Check if the file itself is writable
- return -w $file;
 }
 sub can_move {
diff --git a/filemin/lang/en b/filemin/lang/en
index c47ddf9ac..7bee4a025 100644
--- a/filemin/lang/en
+++ b/filemin/lang/en
@@ -131,6 +131,8 @@ acl_work_as=Access files as Unix user
 acl_root=Root (grant with care to un-trusted users!)
 acl_same=Same as Webmin login
 acl_user=Specific Unix user
+acl_user_strict=Enable strict user ownership checks
+acl_user_strict_desc=If enabled, the user can only delete and move files they own. This differs from standard Unix behavior, where a user can delete or move any file within a directory they have write access to
 acl_euser=Selected Unix user does not exist!
 acl_epath=Path $1 does not exist
 acl_max=Maximum size for uploaded files
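Review bot: In can_write (filemin/filemin-lib.pl), the new `else { return 1; }` branch means a non-admin user gets no check at all unless `work_as_user_strict` or `_safe` is set. The result is therefore only safe if the process is already running as the target Unix user when callers act on it, which this hunk does not show. ACLs saved before the option existed will presumably have the key unset and move silently from the checked to the unchecked path. I would state the precondition in a comment such as `# Relies on the process already running as the target Unix user; the OS enforces permissions`. In the strict branch, `readlink($file)` returns the target as stored in the link, so a relative target is tested by `-w` against the current directory rather than the link's directory; since `-w $file` already follows symlinks, resolving with `Cwd::abs_path` or dropping the manual resolution would avoid that.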