## Description Helper image executes `umask 0000` which results in 777 for directory permissions and 666 for file permissions. This makes all directories and files in the build container writable by anyone and is not best practice. ## Proposal This proposal is to add a new feature flag similar to `FF_DISABLE_UMASK_FOR_DOCKER_EXECUTOR` to give ability to not run `umask 0000`. Instead, when the flag is on, in the build container change the ownership of working directory to UID and GID that belongs to the user defined with `USER` directive in the build image. ## Additional context The code in https://gitlab.com/gitlab-org/gitlab-runner/-/blob/511bf632bf402d92c9621625b2186cbc3b68752d/executors/docker/docker_command.go#L212-244 essentially: * Inspects what user/group is used with the image * Runs `chown` on the project dir with that image ## Links to related issues and merge requests / references https://gitlab.com/gitlab-org/gitlab-runner/-/issues/1736#proposal