I was in the need of having a defaut repogroup permission different than 'group.read' when creating them, when I realized by looking at the code that it was already possible but not exposed via the admin interface. The user model neither provided a default 'group.' permission.
Attached is a patch against RhodeCode 1.4.4 which implements that. It does a little refactoring like renaming 'default_perm' as 'default_repo_perm' in order not to be confused with the new 'default_group_perm'.
Warning : there is no DB migration to add the new default user permission ('group.read'), because I suck at Pylons. I tested my patch by running the following hack:
insert into user_to_perm (user_id, permission_id) values(1,5);
Warning2: I think a few i18n entries are missing, I just realized it while writing this very ticket.