diff --git a/server/lib/classes/backup.inc.php b/server/lib/classes/backup.inc.php
index 7f072aacf1e1f79201eebecae19368e016bbbfc8..07ecdf11d0349d670e333a5879367e26f2e78f44 100644
--- a/server/lib/classes/backup.inc.php
+++ b/server/lib/classes/backup.inc.php
@@ -632,7 +632,14 @@ class backup
         elseif(file_exists($backup_dir.'/'.$filename) && file_exists($domain['document_root'].'/backup/') && !stristr($backup_dir.'/'.$filename, '..') && !stristr($backup_dir.'/'.$filename, 'etc')) {
             $success = copy($backup_dir.'/'.$filename, $domain['document_root'].'/backup/'.$filename);
         }
+        if (file_exists($domain['document_root'].'/backup') && fileowner($domain['document_root'].'/backup') === 0) {
+            // Fix old web backup dir permissions from before #6628
+            chown($domain['document_root'].'/backup', $domain['system_user']);
+            chgrp($domain['document_root'].'/backup', $domain['system_group']);
+            $app->log('Fixed old directory permissions from root:root to '.$domain['system_user'].':'.$domain['system_group'].' for backup dir '.$domain['document_root'].'/backup/', LOGLEVEL_DEBUG);
+        }
         if (file_exists($domain['document_root'].'/backup/'.$filename)) {
+            // Change backup file permissions
             chgrp($domain['document_root'].'/backup/'.$filename, $domain['system_group']);
             chown($domain['document_root'].'/backup/'.$filename, $domain['system_user']);
             chmod($domain['document_root'].'/backup/'.$filename,0600);
diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index 5f97ce6454d365b4fb8edf5e9aa20200421debec..c30e83bcc694e8d665aa5cddc918e8ac27348588 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -717,7 +717,7 @@ class apache2_plugin {
 		if(!is_dir($data['new']['document_root'].'/cgi-bin')) $app->system->mkdirpath($data['new']['document_root'].'/cgi-bin');
 		if(!is_dir($data['new']['document_root'].'/tmp')) $app->system->mkdirpath($data['new']['document_root'].'/tmp', 0770);
 		if(!is_dir($data['new']['document_root'].'/webdav')) $app->system->mkdirpath($data['new']['document_root'].'/webdav');
-		if(!is_dir($data['new']['document_root'].'/backup')) $app->system->mkdirpath($data['new']['document_root'].'/backup');
+		if(!is_dir($data['new']['document_root'].'/backup')) $app->system->mkdirpath($data['new']['document_root'].'/backup', 0755, $username, $groupname);
 
 		if(!is_dir($data['new']['document_root'].'/.ssh')) {
 			$app->system->mkdirpath($data['new']['document_root'].'/.ssh');
diff --git a/server/plugins-available/nginx_plugin.inc.php b/server/plugins-available/nginx_plugin.inc.php
index 5ab2bcba331aa6ebd41221caba0785c98bcc47b0..c4ab7c2665b899d80c111a6be21ffd8fe0e20352 100644
--- a/server/plugins-available/nginx_plugin.inc.php
+++ b/server/plugins-available/nginx_plugin.inc.php
@@ -561,7 +561,7 @@ class nginx_plugin {
 		if(!is_dir($data['new']['document_root'].'/ssl')) $app->system->mkdirpath($data['new']['document_root'].'/ssl');
 		if(!is_dir($data['new']['document_root'].'/cgi-bin')) $app->system->mkdirpath($data['new']['document_root'].'/cgi-bin');
 		if(!is_dir($data['new']['document_root'].'/tmp')) $app->system->mkdirpath($data['new']['document_root'].'/tmp');
-		if(!is_dir($data['new']['document_root'].'/backup')) $app->system->mkdirpath($data['new']['document_root'].'/backup');
+		if(!is_dir($data['new']['document_root'].'/backup')) $app->system->mkdirpath($data['new']['document_root'].'/backup', 0755, $username, $groupname);
 
 		if(!is_dir($data['new']['document_root'].'/.ssh')) {
 			$app->system->mkdirpath($data['new']['document_root'].'/.ssh');