In bug 2697843, it was requested that setup.sh not mangle permissions. The nochown environment variable was mentioned as a possible solution. Unfortunately, that parameter only stops some of the permission modification from happening. In my environment, I have a dedicated user and group which owns the Webmin config files, and I would prefer to keep that ownership and permission structure intact through upgrades. Ideally, the user, group, and possibly permissions should be maintained across upgrades.
To reach that goal, I modified the setup.sh script to reference three environment variables (files_owner, files_group, files_perm) which can be configured through the setup-pre.sh script / set in the environment. It'd probably be preferable for those to be configured in config.pl and set during the web upgrade process, so everything can be maintained directly through the web interface - but I'm in a bit of a hurry this morning. :)
The way I locally use files_perm is to set the value to "g=u,g-w,o-rwx". That should provide pretty much all the flexibility needed without a significant impact to the defaults.