i have an ftp server

in there i have a dir called upload
i set
chmod ugo=rwx upload/


let say user chad creats a folder in there

ls -alc
total 16
drwxrwxrwx 3 citrus root 4096 Jan 4 08:26 .
drwxr-xr-x 7 citrus 1000 8192 Jan 4 06:40 ..
drwxr-xr-x 2 chad users 4096 Jan 4 08:26 s

and then another user creats a dir

ls -alc
total 20
drwxrwxrwx 4 citrus root 4096 Jan 4 08:29 .
drwxr-xr-x 7 citrus 1000 8192 Jan 4 06:40 ..
drwxr-xr-x 2 citrus users 4096 Jan 4 08:29 d
drwxr-xr-x 2 chad users 4096 Jan 4 08:26 s


why is it that user chad can delete the d directory?
and how do i fix that?

Deleting files or directories, just like moving them, is restricted only by the permissions of the PARENT
directory in which they reside, not on their own permissions.
This can be explained via the way a Linux file system works (with inodes and stuff), but I won't go into details.

Since you've done a
chmod ugo=rwx upload/
you've given write access to everybody. This means that chad can move around and delete anything in that directory.
Note that this is of course extremely insecure.

An example: you put a file in there that has permissions u=rw only, owned by your user, in which you store
some secrets like passwords.
Chad can then do, using only FTP:
rename your_secret_file his_file
This actually "moves" the file from one name to the other, so it is permitted!
chown chad his_file
Since he has become the owner after the rename, he can change the permissions of the file, making it for
instance readable, so he can find out your secrets.

One solution can be to restrict the permissions on the "upload" directory, but this can - if done incorrectly - lead to a situation where uploading is also impossible.
A better idea is to configure your FTP server so that it defines more clearly what is allowed and what is not.