Maybe we could add a $wg variable to LocalSettings.php specifying which chmod newly created directories should have? Another such variable for newly created files could be useful too.

Might be a little tricky with how much MW completely avoids these function calls.

In between includes/media/Bitmap.php:207/208 sounds like a good spot for chmoding. A similar area for other media types.

As for directory building, we already have a function which accepts a chmod, though it is used a bit much, and in pretty ugly ways:

includes/filerepo/FSRepo (6)
128: FSRepo::storeBatch: "if ( !wfMkdirParents( $this->directory ) ) {"
149: FSRepo::storeBatch: "if ( !wfMkdirParents( $dstDir ) ) {"
261: FSRepo::publishBatch: "if ( !wfMkdirParents( $this->directory ) ) {"
286: FSRepo::publishBatch: "if ( !is_dir( $dstDir ) && !wfMkdirParents( $dstDir ) ) {"
289: FSRepo::publishBatch: "if ( !is_dir( $archiveDir ) && !wfMkdirParents( $archiveDir ) ) {"
392: FSRepo::deleteBatch: if ( !wfMkdirParents( $archiveDir ) ) {"
includes/Math.php (2)
150: MathRenderer::render "if( !@wfMkdirParents( $hashpath, 0755 ) ) {"
220: MathRenderer::_recall "if( !@wfMkdirParents( $hashpath, 0755 ) ) {"
includes/media/Bitmap.php (1)
91: BitmapHandler::doTransform: "if ( !wfMkdirParents( dirname( $dstPath ) ) ) {"
includes/media/DjVu.php (1)
93: DjVuHandler::doTransform:"if ( !wfMkdirParents( dirname( $dstPath ) ) ) {"
includes/media/SVG.php (1)
59: SvgHandler::doTransform:"if ( !wfMkdirParents( dirname( $dstPath ) ) ) {"
includes/MessageCache.php (2)
113: MessageCache::saveToLocal: "wfMkdirParents( $wgLocalMessageCache, 0777 ); might fail"
134: MessageCache::saveToScript: "wfMkdirParents( $wgLocalMessageCache, 0777 ); might fail"
includes/specials/Revisiondelete.php (1)
1204: RevisionDeleter::makeOldImagePublic: "wfMkdirParents( $destDir );"

Perhaps we could make the 2nd parameter also accept a chmod class string. Something like 'imagedir' and it'll grab a predefined chmod for that group of files. Make one for 'imagedir' and another for 'messagecache'. Also, we may want a cleaner method for ensuring chmod settings of image files. We could either use a GlobalFunction or create another method inside of the generic media type and call that to do the work.

Partially fixed in r37756, allows customizing the default Chmod value. There's still some hardcoded ones here and there (a grep for 777 shows where), but I haven't touched those yet.

r38900 removed the last of the hardcoded 0777 values. Note that some hardcoded permissions still exist and need cleanup, but the request for non-777 permissions has been cleared up. See bug 11209 for the rest of the work on this.