.htaccess in files dir is not set correctly #10
Description
The script assigns write permissions to the group for all files under web/sites/default/files, including the .htaccess file. Drupal Security Review subsequently complains that Drupal is able to execute PHP files in the files directory, because the .htaccess file itself is writable and can thus be altered to allow said PHP file execution.
Settings the permissions of the .htaccess file to rw_r____ (640) seems to fix the issue.