I'm running a BaseX DB server on Linux, using a dedicated (unprivileged) system user who owns the BaseX directory subtree as well as the BaseX processes. To create a database, I'm using the basexclient script also running as my DB system user (sudo -u baseX bin/basexclient).
The problem is that newly created databases as described (running both server and client as system user baseX) are created with drwxrwxrwx permissions for the db subdirectory and -rw-rw-rw- permissions for the DB files. I assume such broad permissions aren't required in a server/client setup, running both server and client as an unprivileged system user. Anyone with file system access seems to be able to read / delete data, irrespective of any authentication on the DB level (because access on file system level is possible).
Is there a way to set default file permissions / restrict them to the system user who's running both server and client?
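
An added example, not part of the original post and not BaseX's own tooling: a shell check that finds entries under a data directory that are open to "other" and restricts them to the owning user. The directory layout, the database name mydb and the file name tbl.basex are constructed stand-ins; the script only fixes files that already exist and does not change how new databases are created.

```shell
#!/bin/sh
# Added example (constructed): audit a database data directory for entries
# that grant any permission to "other", then restrict them to the owner.
# The tree built by make_sample is a stand-in, not the real BaseX data path.

# Print the 10-character mode string (e.g. drwxrwxrwx) of one path.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# List every entry under $1 that grants read, write or execute to "other".
audit_other_access() {
    find "$1" \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Count those entries.
count_other_access() {
    audit_other_access "$1" | wc -l | tr -d ' '
}

# Strip all group and other bits below $1; owner bits are left untouched.
# A top-level directory without "other" search permission also keeps other
# users from reaching files beneath it by path, whatever their own modes.
tighten() {
    chmod -R go-rwx "$1"
}

# Build a constructed tree with the modes quoted in the post.
make_sample() {
    mkdir -p "$1/mydb"
    : > "$1/mydb/tbl.basex"
    chmod 777 "$1/mydb"
    chmod 666 "$1/mydb/tbl.basex"
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_sample "$tmp"
    echo "before: $(count_other_access "$tmp") entries open to other"
    tighten "$tmp"
    echo "after:  $(count_other_access "$tmp") entries open to other"
    mode_of "$tmp/mydb"
    mode_of "$tmp/mydb/tbl.basex"
    rm -rf "$tmp"
}

demo
```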