Default file (and folder) permissions on Create

Hello community,

As far as I understand, when adding a new folder or document (through whatever instrument), they are created with “chmod 0755” for the folder and “chmod 0644” for the file.

In our environment, I would like to further restrict the access by restricting both to “chmod 0700” (e.g. manipulatable ONLY by the “fileOwner” which in our case is sufficient.
I tested the consequences with the “web interface”, the “webdav connection” and the “sync application - for windows”, and all can perfectly access these restricted files.

So my question is: Is there any place where we could “set the default permissions to 0700” for newly created folders and files?

thanks for any guidance here…

I’m not sure we set it explicitly (@icewind ?)

However if you restrict your datafolder to 700 then already on the FS level only the owner could cd into it.

@rullzer: thanks for the reply.

As per the “datafolder” remark, I found this

(see garethTheRed 's answer:
If you create a file underneath /foo/bar/baz which is readable by others and then create a hard link to this file in an accessible path, they’ll be able to read it regardless of the permissions on /foo/bar/baz.

So setting the DATAROOT directory is not “fully” satisfactory in this respect…

If NextCloud (server) does not set the permissions, then proabably the PHP default will be taken. However, in that circumstances it might be a nice idea to let the ADMIN decide on this

(or I could simply add that code to our implementation, if you help me find the right spot(s))

Is here something planed? I mean setting the permissions more restrective to increase the security but not at cost of usability?
Atm the data folder will set to 770 but subfolders to 750.