I have this 99% working, but I'm unclear on what the permission plan
should be.  My apache 2.2 config is

DavLockDB "/usr/pkg/var/DavLock"
Alias /org/gdt "/home/gdt/ORG"
<Directory "/home/gdt/ORG">
    Options Indexes

    AllowOverride AuthConfig
    Order allow,deny
    Allow from all

    DAV On

    AuthType Digest
    AuthName "org/gdt"
    AuthUserFile /home/gdt/ORG/.htpasswd

    <Limit GET PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
        Require valid-user
    </Limit>
</Directory>


I've set up ~/ORG to be 770 gdt.www, and mobileorg.org 660, so that
apache can write to it.  According to apache docs, I should have all
this data owned by the apache user, and not be reading/writing it with
scp/etc.

  http://httpd.apache.org/docs/2.2/mod/mod_dav.html

I would like to have a second mobileorg user on this system, and have
apache access both files via .htpasswd digest auth, and the system
prevent each user from reading the others.

Am I confused about this?  Any hints appreciated.