There is no such thing as "correct permissions".
There's the permissions setup which was used as default in your installation.
There's the right permissions to use for YOUR security model
You appear to be using a security model which requires non-standard permissions, And you've not once mentioned 'users' or 'groups' let alone what your security model is.
As root, you should chown
/var/www to whoever should 'own' the directory (hint: it's neither root nor the apache uid) then set the group ownership appropriately (we can't tell from the information you've provided what that is - but again it's neither root nor the apache uid) then chmod o_rx
the directory.
Then please go learn a bit about Linux/Unix admin - try googling for "the rute"