Wrong default permissions after composer install

[dooblem]

I believe that there is a problem with the permissions set by many modules.
I checked some of our productions platform this morning and they all have this permission problem.

And setting the permissions with the find command as documented will only fix the group permissions, not the permissions for other users.

Preconditions

1. magento 2.3.4 composer installation

Steps to reproduce

1. Check that you umask is correct, otherwise set it to distribution default:
   $ umask
   0002
   $ umask 0002
2. composer create-project --repository-url=https://repo.magento.com/ magento/project-community-edition

Expected result

1. No file should be world writable. The following command in the project should return no result:
   find -perm -o+w -not -type l

Actual result

1. $ find -perm -o+w -not -type l | wc -l
   45415

Sample file with wrong permissions:
-rw-rw-rw- 1 x2i www-data 1370 Feb 4 10:28 vendor/magento/magento2-base/index.php

Sample file with good permissions:
-rw-r--r-- 1 x2i www-data 2378 Feb 4 2020 .vendor/magento/zendframework1/library/Zend/Date/DateObject.php

[magento-engcom-team]

@dooblem, thank you for your report.
We've created internal ticket(s) MAGETWO-86558 to track progress on the issue.

[magento-engcom-team]

@dooblem, thank you for your report.
We've acknowledged the issue and added to our backlog.

[m2-assistant]

Hi @engcom-Alfa. Thank you for working on this issue.
Looks like this issue is already verified and confirmed. But if you want to validate it one more time, please, go though the following instruction:

• 1. Add/Edit Component: XXXXX label(s) to the ticket, indicating the components it may be related to.

• 2. Verify that the issue is reproducible on 2.4-develop branch

  Details

  - Add the comment @magento give me 2.4-develop instance to deploy test instance on Magento infrastructure.
  - If the issue is reproducible on 2.4-develop branch, please, add the label Reproduced on 2.4.x.
  - If the issue is not reproducible, add your comment that issue is not reproducible and close the issue and stop verification process here!

• 3. If the issue is not relevant or is not reproducible any more, feel free to close it.

---

• Join Magento Community Engineering Slack and ask your questions in #github channel.

[magento-deployment-service]

Thanks for opening this issue!

[magento-deployment-service]

Thanks for opening this issue!