The following snippet from a sample configuration file illustrates how to protect an "upload" directory in such a fashion (which is a very good idea if you don't want people using your site for "warez"):
<Anonymous /home/ftp>
# All files uploaded are set to username.usergroup ownership
User username
Group usergroup
UserAlias ftp username
AuthAliasOnly on
RequireValidShell off
<Directory pub/incoming/>
<Limit STOR CWD XCWD>
AllowAll
</Limit>
<Limit READ DELE MKD RMD XMKD XRMD>
DenyAll
</Limit>
</Directory>
</Anonymous>This denies all write operations to the anonymous root directory and sub-directories, except "incoming/" where the permissions are reversed and the client can store but not read. If you used <Limit WRITE> instead of <Limit STOR> on <Directory incoming>, ftp clients would be allowed to perform all write operations to the sub-dir, including deleting, renaming and creating directories.