You must understand the meaning of XYZ chmod from file attribute.
X = Owner
Y = Group
Z = Everyone/World
If you set to XY4 then you give Everyone a "read" access! (even the
content inside a php file can not read by a browser, but still readable
by using ssh, ftp or file browser).
Since settings.php must be only read by your system then you must set to 440 or better 400 (if possible). Gives 440 to a file will protect everyone (except owner and group) to read this file using any access types.
If your website can not run with 440 then you have a seriously security hole!