See http://drupal.org/node/10658 and specifically the (in core for a while now) http://drupal.org/files/issues/fileperm_0.patch. I haven't had a chance to check to see if this stuff has changed, or what the installer is doing.
Ah, interesting. The installer recommends that you do make it read-only: // Warn about settings.php permissions risk $settings_file = './'. conf_path() .'/settings.php'; if (!drupal_verify_install_file($settings_file, FILE_EXIST|FILE_READABLE|FILE_NOT_WRITABLE)) { drupal_set_message(st('All necessary changes to %file have been made, so you should now remove write permissions to this file. Failure to remove write permissions to this file is a security risk.', array('%file' => $settings_file)), 'error'); } So, my bad. I don't see why, however, you couldn't turn it back to write, add your extra databases, then turn it back to read only. -- Morbus Iff ( I'd prefer my past to be multiple choice. ) Technical: http://www.oreillynet.com/pub/au/779 Culture: http://www.disobey.com/ and http://www.gamegrene.com/ icq: 2927491 / aim: akaMorbus / yahoo: morbus_iff / jabber.org: morbus