diff --git a/doc/sandbox.php b/doc/sandbox.php
index 7b08e00a26..189458a4a3 100644
--- a/doc/sandbox.php
+++ b/doc/sandbox.php
@@ -272,11 +272,18 @@ permissions of all files as shown in the above table.  This allows it to
 repair corrupted permissions.  <b>Note</b> that the BOINC installer will 
 <b>change all files</b> in the projects directory, the slots directory, and 
 all their subdirectories to <b>user boinc_master</b> and 
-<b>group boinc_project</b>.  This means that if a project file needs to be 
+<b>group boinc_project</b>.  This means that:
+<ul>
+<li>If a project file needs to be 
 executable by another project file, its executable-by-group permission bit 
 <b>must</b> be set.  The BOINC installer will <i>not</i> alter the 
 executable-by-user and executable-by-group permission bits of files in these 
 directories (though it will set these bits for the directories themselves.)
+<li>It is <b>critical</b> that all files and subdirectories under the projects 
+and slots directories have both their read-by-owner <b>and</b> read-by-group 
+permission bits set, and that all subdirectories have both their 
+executable-by-owner and executable-by-group permission bits set.
+</ul>
 </ul>
 </p>
 ";