Give the gift of Drupal. All merchandise is 50% off through 2016.
While we recommend to build custom platforms on command line, so you can control permissions and ownership, in fact Aegir and our own system maintenance scripts take care only about the ownership and permissions on the platform level sites/all and site level sites/foo.com, to make sure that everything there is group writable.
The problem is that Aegir nor our maintenance systems don't check/fix any permissions on the installation profile level, so they are basically left at their initial state, as after running Drush Make.
This obviously locks the write access there forever and for the Aegir system user only, which is not expected.