GitLab

Processes in user groups like www-data might create and share common files (like /dev/shm or sockets) that need to be read/write accessible in the group (mode_t 660). The effective file permission of O_CREAT is evaluated by mode & ~umask. That means, even if a process tries to create a file with 660 permission it will be downgraded to 640 as the default process umask is 0022. This patch will set the process umask to 0002 (that will only remove o+w permission).

Common tools like fcgiwrap or nginx are prepared in the same way already (umask 0002 or lower).