Locking down permissions on a RoR project

I am on a shared server (DreamHost). My RoR project contains
confidential information in the structure of its code, its logs, and of
course its mysql database.

W are the minimum chmod permissions to set so that the app is still
served correctly by Apache, but otherwise grants minimum world access?

Most just leave it at "chmod -R 755 rorfolder" but that's a bit too
open for my taste. Do I *have* to have all the code be o+r?

I'm assuming the user owns the directory

User owns the directory except ~/logs which is owned by root and used
for Apache logs.

I'm assuming the dispatch file is being suexeced so that could be 700.

Wrong on that count. No su access at all; dispatch is executed as user.

- Sai