diff --git a/agent/app/api/v2/file.go b/agent/app/api/v2/file.go
index 179e065d8..90ccbded7 100644
--- a/agent/app/api/v2/file.go
+++ b/agent/app/api/v2/file.go
@@ -610,7 +610,7 @@ func mergeChunks(fileName string, fileDir string, dstDir string, chunkCount int,
 	dstDir = strings.TrimSpace(dstDir)
 	mode, _ := files.GetParentMode(dstDir)
 	if mode == 0 {
-		mode = 0755
+		mode = constant.DirPerm
 	}
 	if _, err := os.Stat(dstDir); err != nil && os.IsNotExist(err) {
 		if err = op.CreateDir(dstDir, mode); err != nil {
@@ -681,7 +681,7 @@ func (b *BaseApi) UploadChunkFiles(c *gin.Context) {
 	fileOp := files.NewFileOp()
 	tmpDir := path.Join(global.CONF.System.TmpDir, "upload")
 	if !fileOp.Stat(tmpDir) {
-		if err := fileOp.CreateDir(tmpDir, 0755); err != nil {
+		if err := fileOp.CreateDir(tmpDir, constant.DirPerm); err != nil {
 			helper.BadRequest(c, err)
 			return
 		}
@@ -692,7 +692,7 @@ func (b *BaseApi) UploadChunkFiles(c *gin.Context) {
 		if fileOp.Stat(fileDir) {
 			_ = fileOp.DeleteDir(fileDir)
 		}
-		_ = os.MkdirAll(fileDir, 0755)
+		_ = os.MkdirAll(fileDir, constant.DirPerm)
 	}
 	filePath := filepath.Join(fileDir, filename)
 
@@ -720,7 +720,7 @@ func (b *BaseApi) UploadChunkFiles(c *gin.Context) {
 	}
 
 	chunkPath := filepath.Join(fileDir, fmt.Sprintf("%s.%d", filename, chunkIndex))
-	err = os.WriteFile(chunkPath, chunkData, 0644)
+	err = os.WriteFile(chunkPath, chunkData, constant.DirPerm)
 	if err != nil {
 		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, buserr.WithMap(constant.ErrFileUpload, map[string]interface{}{"name": filename, "detail": err.Error()}, err))
 		return
diff --git a/agent/app/service/app_install.go b/agent/app/service/app_install.go
index cf354aaae..4468e5581 100644
--- a/agent/app/service/app_install.go
+++ b/agent/app/service/app_install.go
@@ -404,10 +404,10 @@ func (a *AppInstallService) Update(req request.AppInstalledUpdate) error {
 		return err
 	}
 	fileOp := files.NewFileOp()
-	_ = fileOp.WriteFile(installed.GetComposePath(), strings.NewReader(installed.DockerCompose), 0755)
+	_ = fileOp.WriteFile(installed.GetComposePath(), strings.NewReader(installed.DockerCompose), constant.DirPerm)
 	if err := rebuildApp(installed); err != nil {
 		_ = env.Write(backupEnvMaps, envPath)
-		_ = fileOp.WriteFile(installed.GetComposePath(), strings.NewReader(backupDockerCompose), 0755)
+		_ = fileOp.WriteFile(installed.GetComposePath(), strings.NewReader(backupDockerCompose), constant.DirPerm)
 		return err
 	}
 	installed.Status = constant.Running
@@ -856,7 +856,7 @@ func updateInstallInfoInDB(appKey, appName, param string, value interface{}) err
 			newFiles = append(newFiles, line)
 		}
 	}
-	file, err := os.OpenFile(envPath, os.O_WRONLY|os.O_TRUNC, 0666)
+	file, err := os.OpenFile(envPath, os.O_WRONLY|os.O_TRUNC, constant.FilePerm)
 	if err != nil {
 		return err
 	}
diff --git a/agent/app/service/app_utils.go b/agent/app/service/app_utils.go
index 656bdce6a..416f3caea 100644
--- a/agent/app/service/app_utils.go
+++ b/agent/app/service/app_utils.go
@@ -635,7 +635,7 @@ func upgradeInstall(req request.AppInstallUpgrade) error {
 		if fileOp.Stat(sourceScripts) {
 			dstScripts := path.Join(install.GetPath(), "scripts")
 			_ = fileOp.DeleteDir(dstScripts)
-			_ = fileOp.CreateDir(dstScripts, 0755)
+			_ = fileOp.CreateDir(dstScripts, constant.DirPerm)
 			scriptCmd := exec.Command("cp", "-rf", sourceScripts+"/.", dstScripts+"/")
 			_, _ = scriptCmd.CombinedOutput()
 		}
@@ -678,7 +678,7 @@ func upgradeInstall(req request.AppInstallUpgrade) error {
 				return err
 			}
 			newConfDir := path.Join(constant.DataDir, "www", "conf.d")
-			_ = fileOp.CreateDir(newConfDir, 0644)
+			_ = fileOp.CreateDir(newConfDir, constant.DirPerm)
 			oldConfDir := path.Join(install.GetPath(), "conf/conf.d")
 			items, err := os.ReadDir(oldConfDir)
 			if err != nil {
@@ -732,7 +732,7 @@ func upgradeInstall(req request.AppInstallUpgrade) error {
 			return err
 		}
 
-		if err = fileOp.WriteFile(install.GetComposePath(), strings.NewReader(install.DockerCompose), 0775); err != nil {
+		if err = fileOp.WriteFile(install.GetComposePath(), strings.NewReader(install.DockerCompose), constant.FilePerm); err != nil {
 			return err
 		}
 
@@ -871,10 +871,10 @@ func downloadApp(app model.App, appDetail model.AppDetail, appInstall *model.App
 		return
 	}
 	if !fileOp.Stat(appDownloadDir) {
-		_ = fileOp.CreateDir(appDownloadDir, 0755)
+		_ = fileOp.CreateDir(appDownloadDir, constant.DirPerm)
 	}
 	if !fileOp.Stat(appVersionDir) {
-		_ = fileOp.CreateDir(appVersionDir, 0755)
+		_ = fileOp.CreateDir(appVersionDir, constant.DirPerm)
 	}
 	if logger == nil {
 		global.LOG.Infof("download app[%s] from %s", app.Name, appDetail.DownloadUrl)
@@ -938,7 +938,7 @@ func copyData(task *task.Task, app model.App, appDetail model.AppDetail, appInst
 	resourceDir := path.Join(appResourceDir, appKey, appDetail.Version)
 
 	if !fileOp.Stat(installAppDir) {
-		if err = fileOp.CreateDir(installAppDir, 0755); err != nil {
+		if err = fileOp.CreateDir(installAppDir, constant.DirPerm); err != nil {
 			return
 		}
 	}
@@ -962,7 +962,7 @@ func copyData(task *task.Task, app model.App, appDetail model.AppDetail, appInst
 	if err = env.Write(envParams, envPath); err != nil {
 		return
 	}
-	if err := fileOp.WriteFile(appInstall.GetComposePath(), strings.NewReader(appInstall.DockerCompose), 0755); err != nil {
+	if err := fileOp.WriteFile(appInstall.GetComposePath(), strings.NewReader(appInstall.DockerCompose), constant.DirPerm); err != nil {
 		return err
 	}
 	return
diff --git a/agent/app/service/backup_app.go b/agent/app/service/backup_app.go
index 284ab865d..a3e37b0b7 100644
--- a/agent/app/service/backup_app.go
+++ b/agent/app/service/backup_app.go
@@ -303,7 +303,7 @@ func handleAppRecover(install *model.AppInstall, parentTask *task.Task, recoverF
 		appDir := install.GetPath()
 		backPath := fmt.Sprintf("%s_bak", appDir)
 		_ = fileOp.Rename(appDir, backPath)
-		_ = fileOp.CreateDir(appDir, 0755)
+		_ = fileOp.CreateDir(appDir, constant.DirPerm)
 
 		deCompressName := i18n.GetWithName("DeCompressFile", "app.tar.gz")
 		t.LogStart(deCompressName)
diff --git a/agent/app/service/backup_runtime.go b/agent/app/service/backup_runtime.go
index c19c2101a..771f94a88 100644
--- a/agent/app/service/backup_runtime.go
+++ b/agent/app/service/backup_runtime.go
@@ -98,7 +98,7 @@ func handleRuntimeRecover(runtime *model.Runtime, recoverFile string, isRollback
 	runtimeDir := runtime.GetPath()
 	backPath := fmt.Sprintf("%s_bak", runtimeDir)
 	_ = fileOp.Rename(runtimeDir, backPath)
-	_ = fileOp.CreateDir(runtimeDir, 0755)
+	_ = fileOp.CreateDir(runtimeDir, constant.DirPerm)
 
 	if err := handleUnTar(tmpPath+"/runtime.tar.gz", fmt.Sprintf("%s/%s", constant.RuntimeDir, runtime.Type), secret); err != nil {
 		global.LOG.Errorf("handle recover from runtime.tar.gz failed, err: %v", err)
diff --git a/agent/app/service/container.go b/agent/app/service/container.go
index c48f885f0..a9c04858c 100644
--- a/agent/app/service/container.go
+++ b/agent/app/service/container.go
@@ -773,7 +773,7 @@ func (u *ContainerService) ContainerLogClean(req dto.OperationWithName) error {
 	if err := client.ContainerStop(ctx, containerItem.ID, container.StopOptions{}); err != nil {
 		return err
 	}
-	file, err := os.OpenFile(containerItem.LogPath, os.O_RDWR|os.O_CREATE, 0666)
+	file, err := os.OpenFile(containerItem.LogPath, os.O_RDWR|os.O_CREATE, constant.FilePerm)
 	if err != nil {
 		return err
 	}
diff --git a/agent/app/service/container_compose.go b/agent/app/service/container_compose.go
index b3bfb08e8..df08b625a 100644
--- a/agent/app/service/container_compose.go
+++ b/agent/app/service/container_compose.go
@@ -298,7 +298,7 @@ func (u *ContainerService) loadPath(req *dto.ComposeCreate) error {
 		}
 
 		path := fmt.Sprintf("%s/docker-compose.yml", dir)
-		file, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0666)
+		file, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, constant.FilePerm)
 		if err != nil {
 			return err
 		}
@@ -350,7 +350,7 @@ func newComposeEnv(pathItem string, env []string) error {
 		return nil
 	}
 	envFilePath := path.Join(path.Dir(pathItem), "1panel.env")
-	file, err := os.OpenFile(envFilePath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0666)
+	file, err := os.OpenFile(envFilePath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, constant.FilePerm)
 	if err != nil {
 		global.LOG.Errorf("failed to create env file: %v", err)
 		return err
diff --git a/agent/app/service/cronjob.go b/agent/app/service/cronjob.go
index dbda88b8a..b0893c747 100644
--- a/agent/app/service/cronjob.go
+++ b/agent/app/service/cronjob.go
@@ -351,7 +351,7 @@ func mkdirAndWriteFile(cronjob *model.Cronjob, startTime time.Time, msg []byte)
 
 	path := fmt.Sprintf("%s/%s.log", dir, startTime.Format(constant.DateTimeSlimLayout))
 	global.LOG.Infof("cronjob %s has generated some logs %s", cronjob.Name, path)
-	file, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE, 0666)
+	file, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE, constant.FilePerm)
 	if err != nil {
 		return "", err
 	}
diff --git a/agent/app/service/cronjob_helper.go b/agent/app/service/cronjob_helper.go
index 1891defd3..7180b3c7c 100644
--- a/agent/app/service/cronjob_helper.go
+++ b/agent/app/service/cronjob_helper.go
@@ -106,7 +106,7 @@ func (u *CronjobService) handleShell(cronjob model.Cronjob, logPath string) erro
 	if cronjob.ScriptMode == "input" {
 		fileItem := pathUtils.Join(global.CONF.System.BaseDir, "1panel", "task", "shell", cronjob.Name, cronjob.Name+".sh")
 		_ = os.MkdirAll(pathUtils.Dir(fileItem), os.ModePerm)
-		shellFile, err := os.OpenFile(fileItem, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0666)
+		shellFile, err := os.OpenFile(fileItem, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, constant.FilePerm)
 		if err != nil {
 			return err
 		}
@@ -234,7 +234,7 @@ func (u *CronjobService) handleCutWebsiteLog(cronjob *model.Cronjob, startTime t
 		srcErrorLogPath := pathUtils.Join(websiteLogDir, "error.log")
 		dstLogDir := pathUtils.Join(global.CONF.System.Backup, "log", "website", website.Alias)
 		if !fileOp.Stat(dstLogDir) {
-			_ = os.MkdirAll(dstLogDir, 0755)
+			_ = os.MkdirAll(dstLogDir, constant.DirPerm)
 		}
 
 		dstName := fmt.Sprintf("%s_log_%s.gz", website.PrimaryDomain, startTime.Format(constant.DateTimeSlimLayout))
@@ -248,8 +248,8 @@ func (u *CronjobService) handleCutWebsiteLog(cronjob *model.Cronjob, startTime t
 			global.LOG.Error(websiteErr.Error())
 			continue
 		} else {
-			_ = fileOp.WriteFile(srcAccessLogPath, strings.NewReader(""), 0755)
-			_ = fileOp.WriteFile(srcErrorLogPath, strings.NewReader(""), 0755)
+			_ = fileOp.WriteFile(srcAccessLogPath, strings.NewReader(""), constant.DirPerm)
+			_ = fileOp.WriteFile(srcErrorLogPath, strings.NewReader(""), constant.DirPerm)
 		}
 		msg := i18n.GetMsgWithMap("CutWebsiteLogSuccess", map[string]interface{}{"name": website.PrimaryDomain, "path": dstFilePath})
 		msgs = append(msgs, msg)
diff --git a/agent/app/service/database_mysql.go b/agent/app/service/database_mysql.go
index 9a6939dba..fc86d4016 100644
--- a/agent/app/service/database_mysql.go
+++ b/agent/app/service/database_mysql.go
@@ -448,7 +448,7 @@ func (u *MysqlService) UpdateVariables(req dto.MysqlVariablesUpdate) error {
 			files = updateMyCnf(files, group, info.Param, info.Value)
 		}
 	}
-	file, err := os.OpenFile(path, os.O_WRONLY|os.O_TRUNC, 0666)
+	file, err := os.OpenFile(path, os.O_WRONLY|os.O_TRUNC, constant.FilePerm)
 	if err != nil {
 		return err
 	}
diff --git a/agent/app/service/database_redis.go b/agent/app/service/database_redis.go
index bc38bf5ad..0ff38c33c 100644
--- a/agent/app/service/database_redis.go
+++ b/agent/app/service/database_redis.go
@@ -273,7 +273,7 @@ func confSet(redisName string, updateType string, changeConf []redisConfig) erro
 	}
 	newFiles = append(newFiles, "# End Redis configuration rewrite by 1Panel")
 
-	file, err := os.OpenFile(path, os.O_WRONLY|os.O_TRUNC, 0666)
+	file, err := os.OpenFile(path, os.O_WRONLY|os.O_TRUNC, constant.FilePerm)
 	if err != nil {
 		return err
 	}
diff --git a/agent/app/service/file.go b/agent/app/service/file.go
index ef4f6e541..eb5f1822c 100644
--- a/agent/app/service/file.go
+++ b/agent/app/service/file.go
@@ -192,7 +192,7 @@ func (f *FileService) Create(op request.FileCreate) error {
 		if err == nil {
 			mode = int64(fileInfo.Mode().Perm())
 		} else {
-			mode = 0755
+			mode = constant.DirPerm
 		}
 	}
 	if op.IsDir {
diff --git a/agent/app/service/firewall.go b/agent/app/service/firewall.go
index b7ece1b41..a1805f268 100644
--- a/agent/app/service/firewall.go
+++ b/agent/app/service/firewall.go
@@ -589,7 +589,7 @@ func (u *FirewallService) updatePingStatus(enable string) error {
 	if !hasLine {
 		newFiles = append(newFiles, "net/ipv4/icmp_echo_ignore_all="+enable)
 	}
-	file, err := os.OpenFile(confPath, os.O_WRONLY|os.O_TRUNC, 0666)
+	file, err := os.OpenFile(confPath, os.O_WRONLY|os.O_TRUNC, constant.FilePerm)
 	if err != nil {
 		return err
 	}
diff --git a/agent/app/service/host_tool.go b/agent/app/service/host_tool.go
index ff6bf01ae..ce7175e7d 100644
--- a/agent/app/service/host_tool.go
+++ b/agent/app/service/host_tool.go
@@ -157,13 +157,13 @@ func (h *HostToolService) CreateToolConfig(req request.HostToolCreate) error {
 		supervisorDir := path.Join(global.CONF.System.BaseDir, "1panel", "tools", "supervisord")
 		includeDir := path.Join(supervisorDir, "supervisor.d")
 		if !fileOp.Stat(includeDir) {
-			if err = fileOp.CreateDir(includeDir, 0755); err != nil {
+			if err = fileOp.CreateDir(includeDir, constant.DirPerm); err != nil {
 				return err
 			}
 		}
 		logDir := path.Join(supervisorDir, "log")
 		if !fileOp.Stat(logDir) {
-			if err = fileOp.CreateDir(logDir, 0755); err != nil {
+			if err = fileOp.CreateDir(logDir, constant.DirPerm); err != nil {
 				return err
 			}
 		}
@@ -466,7 +466,7 @@ func handleSupervisorFile(req request.SupervisorProcessFileReq, includeDir, cont
 			}
 			return string(content), nil
 		case "clear":
-			if err = fileOp.WriteFile(logFile, strings.NewReader(""), 0755); err != nil {
+			if err = fileOp.WriteFile(logFile, strings.NewReader(""), constant.DirPerm); err != nil {
 				return "", err
 			}
 		}
@@ -486,7 +486,7 @@ func handleSupervisorFile(req request.SupervisorProcessFileReq, includeDir, cont
 			}
 			return string(content), nil
 		case "clear":
-			if err = fileOp.WriteFile(logFile, strings.NewReader(""), 0755); err != nil {
+			if err = fileOp.WriteFile(logFile, strings.NewReader(""), constant.DirPerm); err != nil {
 				return "", err
 			}
 		}
@@ -503,7 +503,7 @@ func handleSupervisorFile(req request.SupervisorProcessFileReq, includeDir, cont
 			if req.Content == "" {
 				return "", buserr.New("ErrConfigIsNull")
 			}
-			if err := fileOp.WriteFile(configPath, strings.NewReader(req.Content), 0755); err != nil {
+			if err := fileOp.WriteFile(configPath, strings.NewReader(req.Content), constant.DirPerm); err != nil {
 				return "", err
 			}
 			return "", operateSupervisorCtl("update", "", req.Name, includeDir, containerName)
diff --git a/agent/app/service/image.go b/agent/app/service/image.go
index a70f28e76..2ae44f986 100644
--- a/agent/app/service/image.go
+++ b/agent/app/service/image.go
@@ -170,7 +170,7 @@ func (u *ImageService) ImageBuild(req dto.ImageBuild) error {
 		}
 
 		pathItem := fmt.Sprintf("%s/Dockerfile", dir)
-		file, err := os.OpenFile(pathItem, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0666)
+		file, err := os.OpenFile(pathItem, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, constant.FilePerm)
 		if err != nil {
 			return err
 		}
@@ -317,7 +317,7 @@ func (u *ImageService) ImageSave(req dto.ImageSave) error {
 		return err
 	}
 	defer out.Close()
-	file, err := os.OpenFile(fmt.Sprintf("%s/%s.tar", req.Path, req.Name), os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0666)
+	file, err := os.OpenFile(fmt.Sprintf("%s/%s.tar", req.Path, req.Name), os.O_WRONLY|os.O_CREATE|os.O_EXCL, constant.FilePerm)
 	if err != nil {
 		return err
 	}
diff --git a/agent/app/service/nginx.go b/agent/app/service/nginx.go
index 5bbc56fc4..579882149 100644
--- a/agent/app/service/nginx.go
+++ b/agent/app/service/nginx.go
@@ -136,7 +136,7 @@ func (n NginxService) UpdateConfigFile(req request.NginxConfigFileUpdate) error
 	if req.Backup {
 		backupPath := path.Join(path.Dir(filePath), "bak")
 		if !fileOp.Stat(backupPath) {
-			if err := fileOp.CreateDir(backupPath, 0755); err != nil {
+			if err := fileOp.CreateDir(backupPath, constant.DirPerm); err != nil {
 				return err
 			}
 		}
@@ -152,12 +152,12 @@ func (n NginxService) UpdateConfigFile(req request.NginxConfigFileUpdate) error
 	if err != nil {
 		return err
 	}
-	if err = fileOp.WriteFile(filePath, strings.NewReader(req.Content), 0644); err != nil {
+	if err = fileOp.WriteFile(filePath, strings.NewReader(req.Content), constant.DirPerm); err != nil {
 		return err
 	}
 	if status, err := checkContainerStatus(nginxInstall.ContainerName); err == nil && status != "running" {
 		if out, err := compose.DownAndUp(nginxInstall.GetComposePath()); err != nil {
-			_ = fileOp.SaveFile(filePath, string(oldContent), 0644)
+			_ = fileOp.SaveFile(filePath, string(oldContent), constant.DirPerm)
 			return fmt.Errorf("nginx restart failed: %v", out)
 		} else {
 			return nginxCheckAndReload(string(oldContent), filePath, nginxInstall.ContainerName)
@@ -207,7 +207,7 @@ func (n NginxService) Build(req request.NginxBuildReq) error {
 	)
 	if len(moduleContent) > 0 {
 		_ = json.Unmarshal(moduleContent, &modules)
-		bashFile, err := os.OpenFile(path.Join(buildPath, "tmp", "pre.sh"), os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0755)
+		bashFile, err := os.OpenFile(path.Join(buildPath, "tmp", "pre.sh"), os.O_CREATE|os.O_WRONLY|os.O_TRUNC, constant.DirPerm)
 		if err != nil {
 			return err
 		}
@@ -358,5 +358,5 @@ func (n NginxService) UpdateModule(req request.NginxModuleUpdate) error {
 	if err != nil {
 		return err
 	}
-	return fileOp.SaveFileWithByte(moduleConfigPath, moduleByte, 0644)
+	return fileOp.SaveFileWithByte(moduleConfigPath, moduleByte, constant.DirPerm)
 }
diff --git a/agent/app/service/nginx_utils.go b/agent/app/service/nginx_utils.go
index 0119ea01a..acd48897f 100644
--- a/agent/app/service/nginx_utils.go
+++ b/agent/app/service/nginx_utils.go
@@ -220,11 +220,11 @@ func opNginx(containerName, operate string) error {
 
 func nginxCheckAndReload(oldContent string, filePath string, containerName string) error {
 	if err := opNginx(containerName, constant.NginxCheck); err != nil {
-		_ = files.NewFileOp().WriteFile(filePath, strings.NewReader(oldContent), 0644)
+		_ = files.NewFileOp().WriteFile(filePath, strings.NewReader(oldContent), constant.DirPerm)
 		return err
 	}
 	if err := opNginx(containerName, constant.NginxReload); err != nil {
-		_ = files.NewFileOp().WriteFile(filePath, strings.NewReader(oldContent), 0644)
+		_ = files.NewFileOp().WriteFile(filePath, strings.NewReader(oldContent), constant.DirPerm)
 		return err
 	}
 	return nil
diff --git a/agent/app/service/recycle_bin.go b/agent/app/service/recycle_bin.go
index 7e8fc9e32..9e45d2407 100644
--- a/agent/app/service/recycle_bin.go
+++ b/agent/app/service/recycle_bin.go
@@ -175,7 +175,7 @@ func getClashDir(realPath string) (string, error) {
 func createClashDir(clashDir string) error {
 	op := files.NewFileOp()
 	if !op.Stat(clashDir) {
-		if err := op.CreateDir(clashDir, 0755); err != nil {
+		if err := op.CreateDir(clashDir, constant.DirPerm); err != nil {
 			return err
 		}
 	}
diff --git a/agent/app/service/runtime.go b/agent/app/service/runtime.go
index 11135571f..4a639bb80 100644
--- a/agent/app/service/runtime.go
+++ b/agent/app/service/runtime.go
@@ -928,13 +928,13 @@ func (r *RuntimeService) UpdatePHPConfig(req request.PHPConfigUpdate) (err error
 		}
 	}
 	updatedContent := strings.Join(lines, "\n")
-	if err := fileOp.WriteFile(phpConfigPath, strings.NewReader(updatedContent), 0755); err != nil {
+	if err := fileOp.WriteFile(phpConfigPath, strings.NewReader(updatedContent), constant.DirPerm); err != nil {
 		return err
 	}
 
 	err = restartRuntime(runtime)
 	if err != nil {
-		_ = fileOp.WriteFile(phpConfigPath, strings.NewReader(string(contentBytes)), 0755)
+		_ = fileOp.WriteFile(phpConfigPath, strings.NewReader(string(contentBytes)), constant.DirPerm)
 		return err
 	}
 	return
@@ -973,7 +973,7 @@ func (r *RuntimeService) UpdatePHPConfigFile(req request.PHPFileUpdate) error {
 	} else {
 		configPath = path.Join(runtime.GetPath(), "conf", "php.ini")
 	}
-	if err := files.NewFileOp().WriteFile(configPath, strings.NewReader(req.Content), 0755); err != nil {
+	if err := files.NewFileOp().WriteFile(configPath, strings.NewReader(req.Content), constant.DirPerm); err != nil {
 		return err
 	}
 	if _, err := compose.Restart(runtime.GetComposePath()); err != nil {
diff --git a/agent/app/service/runtime_utils.go b/agent/app/service/runtime_utils.go
index 9b06517ac..aaf807cc9 100644
--- a/agent/app/service/runtime_utils.go
+++ b/agent/app/service/runtime_utils.go
@@ -132,7 +132,7 @@ func runComposeCmdWithLog(operate string, composePath string, logPath string) er
 	if operate == "up" {
 		cmd = exec.Command("docker", "compose", "-f", composePath, operate, "-d")
 	}
-	logFile, err := os.OpenFile(logPath, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0666)
+	logFile, err := os.OpenFile(logPath, os.O_CREATE|os.O_WRONLY|os.O_APPEND, constant.FilePerm)
 	if err != nil {
 		global.LOG.Errorf("Failed to open log file: %v", err)
 		return err
@@ -208,7 +208,7 @@ func buildRuntime(runtime *model.Runtime, oldImageID string, oldEnv string, rebu
 	composePath := runtime.GetComposePath()
 	logPath := path.Join(runtimePath, "build.log")
 
-	logFile, err := os.OpenFile(logPath, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0666)
+	logFile, err := os.OpenFile(logPath, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, constant.FilePerm)
 	if err != nil {
 		global.LOG.Errorf("failed to open log file: %v", err)
 		return
@@ -502,7 +502,7 @@ func handleCompose(env gotenv.Env, composeContent []byte, create request.Runtime
 		return
 	}
 	fileOp := files.NewFileOp()
-	_ = fileOp.SaveFile(path.Join(projectDir, "docker-compose.yml"), string(composeByte), 0644)
+	_ = fileOp.SaveFile(path.Join(projectDir, "docker-compose.yml"), string(composeByte), constant.DirPerm)
 	return
 }
 
diff --git a/agent/app/service/ssh.go b/agent/app/service/ssh.go
index 8e62b3a46..b164d47a1 100644
--- a/agent/app/service/ssh.go
+++ b/agent/app/service/ssh.go
@@ -156,7 +156,7 @@ func (u *SSHService) Update(req dto.SSHUpdate) error {
 	}
 	lines := strings.Split(string(sshConf), "\n")
 	newFiles := updateSSHConf(lines, req.Key, req.NewValue)
-	file, err := os.OpenFile(sshPath, os.O_WRONLY|os.O_TRUNC, 0666)
+	file, err := os.OpenFile(sshPath, os.O_WRONLY|os.O_TRUNC, constant.FilePerm)
 	if err != nil {
 		return err
 	}
@@ -200,7 +200,7 @@ func (u *SSHService) UpdateByFile(value string) error {
 		return err
 	}
 
-	file, err := os.OpenFile(sshPath, os.O_WRONLY|os.O_TRUNC, 0666)
+	file, err := os.OpenFile(sshPath, os.O_WRONLY|os.O_TRUNC, constant.FilePerm)
 	if err != nil {
 		return err
 	}
diff --git a/agent/app/service/website.go b/agent/app/service/website.go
index 866229664..c2209587b 100644
--- a/agent/app/service/website.go
+++ b/agent/app/service/website.go
@@ -719,7 +719,7 @@ func (w WebsiteService) CreateWebsiteDomain(create request.WebsiteDomainCreate)
 		if err != nil {
 			return nil, err
 		}
-		if err := fileOp.SaveFileWithByte(websitesConfigPath, websitesContent, 0644); err != nil {
+		if err := fileOp.SaveFileWithByte(websitesConfigPath, websitesContent, constant.DirPerm); err != nil {
 			return nil, err
 		}
 	}
@@ -816,7 +816,7 @@ func (w WebsiteService) DeleteWebsiteDomain(domainId uint) error {
 		if err != nil {
 			return err
 		}
-		if err = fileOp.SaveFileWithByte(websitesConfigPath, websitesContent, 0644); err != nil {
+		if err = fileOp.SaveFileWithByte(websitesConfigPath, websitesContent, constant.DirPerm); err != nil {
 			return err
 		}
 	}
@@ -1169,7 +1169,7 @@ func (w WebsiteService) UpdateNginxConfigFile(req request.WebsiteNginxUpdate) er
 	}
 
 	filePath := nginxFull.SiteConfig.FilePath
-	if err = files.NewFileOp().WriteFile(filePath, strings.NewReader(req.Content), 0755); err != nil {
+	if err = files.NewFileOp().WriteFile(filePath, strings.NewReader(req.Content), constant.DirPerm); err != nil {
 		return err
 	}
 	return nginxCheckAndReload(nginxFull.SiteConfig.OldContent, filePath, nginxFull.Install.ContainerName)
@@ -1248,7 +1248,7 @@ func (w WebsiteService) OpWebsiteLog(req request.WebsiteLogReq) (*response.Websi
 		}
 	case constant.DeleteLog:
 		logPath := path.Join(sitePath, "log", req.LogType)
-		if err := files.NewFileOp().WriteFile(logPath, strings.NewReader(""), 0755); err != nil {
+		if err := files.NewFileOp().WriteFile(logPath, strings.NewReader(""), constant.DirPerm); err != nil {
 			return nil, err
 		}
 	}
@@ -1404,7 +1404,7 @@ func (w WebsiteService) UpdateRewriteConfig(req request.NginxRewriteUpdate) erro
 	fileOp := files.NewFileOp()
 	var oldRewriteContent []byte
 	if !fileOp.Stat(path.Dir(absolutePath)) {
-		if err := fileOp.CreateDir(path.Dir(absolutePath), 0755); err != nil {
+		if err := fileOp.CreateDir(path.Dir(absolutePath), constant.DirPerm); err != nil {
 			return err
 		}
 	}
@@ -1418,12 +1418,12 @@ func (w WebsiteService) UpdateRewriteConfig(req request.NginxRewriteUpdate) erro
 			return err
 		}
 	}
-	if err := fileOp.WriteFile(absolutePath, strings.NewReader(req.Content), 0755); err != nil {
+	if err := fileOp.WriteFile(absolutePath, strings.NewReader(req.Content), constant.DirPerm); err != nil {
 		return err
 	}
 
 	if err := updateNginxConfig(constant.NginxScopeServer, []dto.NginxParam{{Name: "include", Params: []string{includePath}}}, &website); err != nil {
-		_ = fileOp.WriteFile(absolutePath, bytes.NewReader(oldRewriteContent), 0755)
+		_ = fileOp.WriteFile(absolutePath, bytes.NewReader(oldRewriteContent), constant.DirPerm)
 		return err
 	}
 	website.Rewrite = req.Name
@@ -1463,7 +1463,7 @@ func (w WebsiteService) OperateCustomRewrite(req request.CustomRewriteOperate) e
 	rewriteDir := GetOpenrestyDir(DefaultRewriteDir)
 	fileOp := files.NewFileOp()
 	if !fileOp.Stat(rewriteDir) {
-		if err := fileOp.CreateDir(rewriteDir, 0755); err != nil {
+		if err := fileOp.CreateDir(rewriteDir, constant.DirPerm); err != nil {
 			return err
 		}
 	}
@@ -1473,7 +1473,7 @@ func (w WebsiteService) OperateCustomRewrite(req request.CustomRewriteOperate) e
 		if fileOp.Stat(rewriteFile) {
 			return buserr.New(constant.ErrNameIsExist)
 		}
-		return fileOp.WriteFile(rewriteFile, strings.NewReader(req.Content), 0755)
+		return fileOp.WriteFile(rewriteFile, strings.NewReader(req.Content), constant.DirPerm)
 	case "delete":
 		return fileOp.DeleteFile(rewriteFile)
 	}
@@ -1552,7 +1552,7 @@ func (w WebsiteService) OperateProxy(req request.WebsiteProxyConfig) (err error)
 	fileOp := files.NewFileOp()
 	includeDir := GetSitePath(website, SiteProxyDir)
 	if !fileOp.Stat(includeDir) {
-		_ = fileOp.CreateDir(includeDir, 0755)
+		_ = fileOp.CreateDir(includeDir, constant.DirPerm)
 	}
 	fileName := fmt.Sprintf("%s.conf", req.Name)
 	includePath := path.Join(includeDir, fileName)
@@ -1570,7 +1570,7 @@ func (w WebsiteService) OperateProxy(req request.WebsiteProxyConfig) (err error)
 			case "create":
 				_ = fileOp.DeleteFile(includePath)
 			case "edit":
-				_ = fileOp.WriteFile(includePath, bytes.NewReader(oldContent), 0755)
+				_ = fileOp.WriteFile(includePath, bytes.NewReader(oldContent), constant.DirPerm)
 			}
 		}
 	}()
@@ -1654,7 +1654,7 @@ func (w WebsiteService) UpdateProxyCache(req request.NginxProxyCacheUpdate) (err
 	cacheDir := GetSitePath(website, SiteCacheDir)
 	fileOp := files.NewFileOp()
 	if !fileOp.Stat(cacheDir) {
-		_ = fileOp.CreateDir(cacheDir, 0755)
+		_ = fileOp.CreateDir(cacheDir, constant.DirPerm)
 	}
 	if req.Open {
 		proxyCachePath := fmt.Sprintf("/www/sites/%s/cache levels=1:2 keys_zone=proxy_cache_zone_of_%s:%d%s max_size=%d%s inactive=%d%s", website.Alias, website.Alias, req.ShareCache, req.ShareCacheUnit, req.CacheLimit, req.CacheLimitUnit, req.CacheExpire, req.CacheExpireUnit)
@@ -1811,12 +1811,12 @@ func (w WebsiteService) UpdateProxyFile(req request.NginxProxyUpdate) (err error
 	if err != nil {
 		return err
 	}
-	if err = fileOp.WriteFile(absolutePath, strings.NewReader(req.Content), 0755); err != nil {
+	if err = fileOp.WriteFile(absolutePath, strings.NewReader(req.Content), constant.DirPerm); err != nil {
 		return err
 	}
 	defer func() {
 		if err != nil {
-			_ = fileOp.WriteFile(absolutePath, bytes.NewReader(oldRewriteContent), 0755)
+			_ = fileOp.WriteFile(absolutePath, bytes.NewReader(oldRewriteContent), constant.DirPerm)
 		}
 	}()
 	return updateNginxConfig(constant.NginxScopeServer, nil, &website)
@@ -1886,7 +1886,7 @@ func (w WebsiteService) UpdateAuthBasic(req request.NginxAuthUpdate) (err error)
 	absoluteAuthPath := path.Join(nginxInstall.GetPath(), authPath)
 	fileOp := files.NewFileOp()
 	if !fileOp.Stat(path.Dir(absoluteAuthPath)) {
-		_ = fileOp.CreateDir(path.Dir(absoluteAuthPath), 0755)
+		_ = fileOp.CreateDir(path.Dir(absoluteAuthPath), constant.DirPerm)
 	}
 	if !fileOp.Stat(absoluteAuthPath) {
 		_ = fileOp.CreateFile(absoluteAuthPath)
@@ -2076,11 +2076,11 @@ func (w WebsiteService) UpdatePathAuthBasic(req request.NginxPathAuthUpdate) err
 	fileOp := files.NewFileOp()
 	authDir := path.Join(nginxInstall.GetPath(), "www", "sites", website.Alias, "path_auth")
 	if !fileOp.Stat(authDir) {
-		_ = fileOp.CreateDir(authDir, 0755)
+		_ = fileOp.CreateDir(authDir, constant.DirPerm)
 	}
 	passDir := path.Join(authDir, "pass")
 	if !fileOp.Stat(passDir) {
-		_ = fileOp.CreateDir(passDir, 0755)
+		_ = fileOp.CreateDir(passDir, constant.DirPerm)
 	}
 	confPath := path.Join(authDir, fmt.Sprintf("%s.conf", req.Name))
 	passPath := path.Join(passDir, fmt.Sprintf("%s.pass", req.Name))
@@ -2122,7 +2122,7 @@ func (w WebsiteService) UpdatePathAuthBasic(req request.NginxPathAuthUpdate) err
 	if req.Remark != "" {
 		line = fmt.Sprintf("%s:%s:%s\n", req.Username, passwdHash, req.Remark)
 	}
-	_ = fileOp.SaveFile(passPath, line, 0644)
+	_ = fileOp.SaveFile(passPath, line, constant.DirPerm)
 	if err = nginx.WriteConfig(config, nginx.IndentedStyle); err != nil {
 		return buserr.WithErr(constant.ErrUpdateBuWebsite, err)
 	}
@@ -2214,7 +2214,7 @@ func (w WebsiteService) UpdateAntiLeech(req request.NginxAntiLeechUpdate) (err e
 		return
 	}
 	if err = updateNginxConfig(constant.NginxScopeServer, nil, &website); err != nil {
-		_ = fileOp.WriteFile(nginxFull.SiteConfig.Config.FilePath, bytes.NewReader(backupContent), 0755)
+		_ = fileOp.WriteFile(nginxFull.SiteConfig.Config.FilePath, bytes.NewReader(backupContent), constant.DirPerm)
 		return
 	}
 	return
@@ -2311,7 +2311,7 @@ func (w WebsiteService) OperateRedirect(req request.NginxRedirectReq) (err error
 	includeDir := GetSitePath(website, SiteRedirectDir)
 	fileOp := files.NewFileOp()
 	if !fileOp.Stat(includeDir) {
-		_ = fileOp.CreateDir(includeDir, 0755)
+		_ = fileOp.CreateDir(includeDir, constant.DirPerm)
 	}
 	fileName := fmt.Sprintf("%s.conf", req.Name)
 	includePath := path.Join(includeDir, fileName)
@@ -2329,7 +2329,7 @@ func (w WebsiteService) OperateRedirect(req request.NginxRedirectReq) (err error
 			case "create":
 				_ = fileOp.DeleteFile(includePath)
 			case "edit":
-				_ = fileOp.WriteFile(includePath, bytes.NewReader(oldContent), 0755)
+				_ = fileOp.WriteFile(includePath, bytes.NewReader(oldContent), constant.DirPerm)
 			}
 		}
 	}()
@@ -2597,12 +2597,12 @@ func (w WebsiteService) UpdateRedirectFile(req request.NginxRedirectUpdate) (err
 	if err != nil {
 		return err
 	}
-	if err = fileOp.WriteFile(absolutePath, strings.NewReader(req.Content), 0755); err != nil {
+	if err = fileOp.WriteFile(absolutePath, strings.NewReader(req.Content), constant.DirPerm); err != nil {
 		return err
 	}
 	defer func() {
 		if err != nil {
-			_ = fileOp.WriteFile(absolutePath, bytes.NewReader(oldRewriteContent), 0755)
+			_ = fileOp.WriteFile(absolutePath, bytes.NewReader(oldRewriteContent), constant.DirPerm)
 		}
 	}()
 	return updateNginxConfig(constant.NginxScopeServer, nil, &website)
@@ -2662,7 +2662,7 @@ func (w WebsiteService) GetDefaultHtml(resourceType string) (*response.WebsiteHt
 	fileOp := files.NewFileOp()
 	defaultPath := path.Join(rootPath, "default")
 	if !fileOp.Stat(defaultPath) {
-		_ = fileOp.CreateDir(defaultPath, 0755)
+		_ = fileOp.CreateDir(defaultPath, constant.DirPerm)
 	}
 
 	res := &response.WebsiteHtmlRes{}
@@ -2721,7 +2721,7 @@ func (w WebsiteService) UpdateDefaultHtml(req request.WebsiteHtmlUpdate) error {
 	fileOp := files.NewFileOp()
 	defaultPath := path.Join(rootPath, "default")
 	if !fileOp.Stat(defaultPath) {
-		_ = fileOp.CreateDir(defaultPath, 0755)
+		_ = fileOp.CreateDir(defaultPath, constant.DirPerm)
 	}
 	var resourcePath string
 	switch req.Type {
@@ -2738,7 +2738,7 @@ func (w WebsiteService) UpdateDefaultHtml(req request.WebsiteHtmlUpdate) error {
 	default:
 		return nil
 	}
-	return fileOp.SaveFile(resourcePath, req.Content, 0644)
+	return fileOp.SaveFile(resourcePath, req.Content, constant.DirPerm)
 }
 
 func (w WebsiteService) GetLoadBalances(id uint) ([]dto.NginxUpstream, error) {
@@ -2848,7 +2848,7 @@ func (w WebsiteService) CreateLoadBalance(req request.WebsiteLBCreate) error {
 	includeDir := path.Join(nginxInstall.GetPath(), "www", "sites", website.Alias, "upstream")
 	fileOp := files.NewFileOp()
 	if !fileOp.Stat(includeDir) {
-		_ = fileOp.CreateDir(includeDir, 0644)
+		_ = fileOp.CreateDir(includeDir, constant.DirPerm)
 	}
 	filePath := path.Join(includeDir, fmt.Sprintf("%s.conf", req.Name))
 	if fileOp.Stat(filePath) {
@@ -3020,12 +3020,12 @@ func (w WebsiteService) UpdateLoadBalanceFile(req request.WebsiteLBUpdateFile) e
 	if err != nil {
 		return err
 	}
-	if err = fileOp.WriteFile(filePath, strings.NewReader(req.Content), 0755); err != nil {
+	if err = fileOp.WriteFile(filePath, strings.NewReader(req.Content), constant.DirPerm); err != nil {
 		return err
 	}
 	defer func() {
 		if err != nil {
-			_ = fileOp.WriteFile(filePath, bytes.NewReader(oldContent), 0755)
+			_ = fileOp.WriteFile(filePath, bytes.NewReader(oldContent), constant.DirPerm)
 		}
 	}()
 	return opNginx(nginxInstall.ContainerName, constant.NginxReload)
diff --git a/agent/app/service/website_ca.go b/agent/app/service/website_ca.go
index a6368b05c..5a9bdd43b 100644
--- a/agent/app/service/website_ca.go
+++ b/agent/app/service/website_ca.go
@@ -365,7 +365,7 @@ func (w WebsiteCAService) ObtainSSL(req request.WebsiteCAObtain) (*model.Website
 		}
 	}
 
-	logFile, _ := os.OpenFile(path.Join(constant.SSLLogDir, fmt.Sprintf("%s-ssl-%d.log", websiteSSL.PrimaryDomain, websiteSSL.ID)), os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0666)
+	logFile, _ := os.OpenFile(path.Join(constant.SSLLogDir, fmt.Sprintf("%s-ssl-%d.log", websiteSSL.PrimaryDomain, websiteSSL.ID)), os.O_CREATE|os.O_WRONLY|os.O_TRUNC, constant.FilePerm)
 	defer logFile.Close()
 	logger := log.New(logFile, "", log.LstdFlags)
 	logger.Println(i18n.GetMsgWithMap("ApplySSLSuccess", map[string]interface{}{"domain": strings.Join(domains, ",")}))
@@ -430,13 +430,13 @@ func (w WebsiteCAService) DownloadFile(id uint) (*os.File, error) {
 			return nil, err
 		}
 	}
-	if err = fileOp.CreateDir(dir, 0666); err != nil {
+	if err = fileOp.CreateDir(dir, constant.DirPerm); err != nil {
 		return nil, err
 	}
-	if err = fileOp.WriteFile(path.Join(dir, "ca.csr"), strings.NewReader(ca.CSR), 0644); err != nil {
+	if err = fileOp.WriteFile(path.Join(dir, "ca.csr"), strings.NewReader(ca.CSR), constant.DirPerm); err != nil {
 		return nil, err
 	}
-	if err = fileOp.WriteFile(path.Join(dir, "private.key"), strings.NewReader(ca.PrivateKey), 0644); err != nil {
+	if err = fileOp.WriteFile(path.Join(dir, "private.key"), strings.NewReader(ca.PrivateKey), constant.DirPerm); err != nil {
 		return nil, err
 	}
 	fileName := ca.Name + ".zip"
diff --git a/agent/app/service/website_ssl.go b/agent/app/service/website_ssl.go
index 0535f90ac..171635c33 100644
--- a/agent/app/service/website_ssl.go
+++ b/agent/app/service/website_ssl.go
@@ -137,7 +137,7 @@ func (w WebsiteSSLService) Create(create request.WebsiteSSLCreate) (request.Webs
 	if create.PushDir {
 		fileOP := files.NewFileOp()
 		if !fileOP.Stat(create.Dir) {
-			_ = fileOP.CreateDir(create.Dir, 0755)
+			_ = fileOP.CreateDir(create.Dir, constant.DirPerm)
 		}
 		websiteSSL.Dir = create.Dir
 	}
@@ -295,7 +295,7 @@ func (w WebsiteSSLService) ObtainSSL(apply request.WebsiteSSLApply) error {
 	}
 
 	go func() {
-		logFile, _ := os.OpenFile(path.Join(constant.SSLLogDir, fmt.Sprintf("%s-ssl-%d.log", websiteSSL.PrimaryDomain, websiteSSL.ID)), os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0666)
+		logFile, _ := os.OpenFile(path.Join(constant.SSLLogDir, fmt.Sprintf("%s-ssl-%d.log", websiteSSL.PrimaryDomain, websiteSSL.ID)), os.O_CREATE|os.O_WRONLY|os.O_TRUNC, constant.FilePerm)
 		defer logFile.Close()
 		logger := log.New(logFile, "", log.LstdFlags)
 		legoLogger.Logger = logger
@@ -492,7 +492,7 @@ func (w WebsiteSSLService) Update(update request.WebsiteSSLUpdate) error {
 	if update.PushDir {
 		fileOP := files.NewFileOp()
 		if !fileOP.Stat(update.Dir) {
-			_ = fileOP.CreateDir(update.Dir, 0755)
+			_ = fileOP.CreateDir(update.Dir, constant.DirPerm)
 		}
 		updateParams["dir"] = update.Dir
 	}
@@ -635,13 +635,13 @@ func (w WebsiteSSLService) DownloadFile(id uint) (*os.File, error) {
 			return nil, err
 		}
 	}
-	if err = fileOp.CreateDir(dir, 0666); err != nil {
+	if err = fileOp.CreateDir(dir, constant.DirPerm); err != nil {
 		return nil, err
 	}
-	if err = fileOp.WriteFile(path.Join(dir, "fullchain.pem"), strings.NewReader(websiteSSL.Pem), 0644); err != nil {
+	if err = fileOp.WriteFile(path.Join(dir, "fullchain.pem"), strings.NewReader(websiteSSL.Pem), constant.DirPerm); err != nil {
 		return nil, err
 	}
-	if err = fileOp.WriteFile(path.Join(dir, "privkey.pem"), strings.NewReader(websiteSSL.PrivateKey), 0644); err != nil {
+	if err = fileOp.WriteFile(path.Join(dir, "privkey.pem"), strings.NewReader(websiteSSL.PrivateKey), constant.DirPerm); err != nil {
 		return nil, err
 	}
 	fileName := websiteSSL.PrimaryDomain + ".zip"
diff --git a/agent/app/service/website_utils.go b/agent/app/service/website_utils.go
index ecb14f852..439113799 100644
--- a/agent/app/service/website_utils.go
+++ b/agent/app/service/website_utils.go
@@ -62,7 +62,7 @@ func createIndexFile(website *model.Website, runtime *model.Runtime) error {
 
 	fileOp := files.NewFileOp()
 	if !fileOp.Stat(indexFolder) {
-		if err := fileOp.CreateDir(indexFolder, 0755); err != nil {
+		if err := fileOp.CreateDir(indexFolder, constant.DirPerm); err != nil {
 			return err
 		}
 	}
@@ -76,13 +76,13 @@ func createIndexFile(website *model.Website, runtime *model.Runtime) error {
 			return err
 		}
 	}
-	if err := fileOp.WriteFile(indexPath, strings.NewReader(indexContent), 0755); err != nil {
+	if err := fileOp.WriteFile(indexPath, strings.NewReader(indexContent), constant.DirPerm); err != nil {
 		return err
 	}
 
 	html404, _ := websiteService.GetDefaultHtml("404")
 	path404 := path.Join(indexFolder, "404.html")
-	if err := fileOp.WriteFile(path404, strings.NewReader(html404.Content), 0755); err != nil {
+	if err := fileOp.WriteFile(path404, strings.NewReader(html404.Content), constant.DirPerm); err != nil {
 		return err
 	}
 
@@ -98,7 +98,7 @@ func createProxyFile(website *model.Website) error {
 	filePath := path.Join(proxyFolder, "root.conf")
 	fileOp := files.NewFileOp()
 	if !fileOp.Stat(proxyFolder) {
-		if err := fileOp.CreateDir(proxyFolder, 0755); err != nil {
+		if err := fileOp.CreateDir(proxyFolder, constant.DirPerm); err != nil {
 			return err
 		}
 	}
@@ -130,10 +130,10 @@ func createWebsiteFolder(website *model.Website, runtime *model.Runtime) error {
 	siteFolder := GteSiteDir(website.Alias)
 	fileOp := files.NewFileOp()
 	if !fileOp.Stat(siteFolder) {
-		if err := fileOp.CreateDir(siteFolder, 0755); err != nil {
+		if err := fileOp.CreateDir(siteFolder, constant.DirPerm); err != nil {
 			return err
 		}
-		if err := fileOp.CreateDir(path.Join(siteFolder, "log"), 0755); err != nil {
+		if err := fileOp.CreateDir(path.Join(siteFolder, "log"), constant.DirPerm); err != nil {
 			return err
 		}
 		if err := fileOp.CreateFile(path.Join(siteFolder, "log", "access.log")); err != nil {
@@ -142,16 +142,16 @@ func createWebsiteFolder(website *model.Website, runtime *model.Runtime) error {
 		if err := fileOp.CreateFile(path.Join(siteFolder, "log", "error.log")); err != nil {
 			return err
 		}
-		if err := fileOp.CreateDir(path.Join(siteFolder, "index"), 0775); err != nil {
+		if err := fileOp.CreateDir(path.Join(siteFolder, "index"), constant.DirPerm); err != nil {
 			return err
 		}
-		if err := fileOp.CreateDir(path.Join(siteFolder, "ssl"), 0755); err != nil {
+		if err := fileOp.CreateDir(path.Join(siteFolder, "ssl"), constant.DirPerm); err != nil {
 			return err
 		}
 		if website.Type == constant.Runtime {
 			if runtime.Type == constant.RuntimePHP && runtime.Resource == constant.ResourceLocal {
 				phpPoolDir := path.Join(siteFolder, "php-pool")
-				if err := fileOp.CreateDir(phpPoolDir, 0755); err != nil {
+				if err := fileOp.CreateDir(phpPoolDir, constant.DirPerm); err != nil {
 					return err
 				}
 				if err := fileOp.CreateFile(path.Join(phpPoolDir, "php-fpm.sock")); err != nil {
@@ -314,7 +314,7 @@ func createWafConfig(website *model.Website, domains []model.WebsiteDomain) erro
 	if err != nil {
 		return err
 	}
-	if err := fileOp.SaveFileWithByte(websitesConfigPath, websitesContent, 0644); err != nil {
+	if err := fileOp.SaveFileWithByte(websitesConfigPath, websitesContent, constant.DirPerm); err != nil {
 		return err
 	}
 
@@ -331,7 +331,7 @@ func createWafConfig(website *model.Website, domains []model.WebsiteDomain) erro
 	}
 
 	if !fileOp.Stat(websiteDir) {
-		if err = fileOp.CreateDir(websiteDir, 0755); err != nil {
+		if err = fileOp.CreateDir(websiteDir, constant.DirPerm); err != nil {
 			return err
 		}
 	}
@@ -341,13 +341,13 @@ func createWafConfig(website *model.Website, domains []model.WebsiteDomain) erro
 		}
 	}()
 
-	if err = fileOp.SaveFileWithByte(path.Join(websiteDir, "config.json"), defaultConfigContent, 0644); err != nil {
+	if err = fileOp.SaveFileWithByte(path.Join(websiteDir, "config.json"), defaultConfigContent, constant.DirPerm); err != nil {
 		return err
 	}
 
 	websiteRuleDir := path.Join(websiteDir, "rules")
 	if !fileOp.Stat(websiteRuleDir) {
-		if err := fileOp.CreateDir(websiteRuleDir, 0755); err != nil {
+		if err := fileOp.CreateDir(websiteRuleDir, constant.DirPerm); err != nil {
 			return err
 		}
 	}
@@ -443,7 +443,7 @@ func delWafConfig(website model.Website, force bool) error {
 	if err != nil {
 		return err
 	}
-	if err := fileOp.SaveFileWithByte(websitesConfigPath, websitesContent, 0644); err != nil {
+	if err := fileOp.SaveFileWithByte(websitesConfigPath, websitesContent, constant.DirPerm); err != nil {
 		return err
 	}
 
@@ -557,7 +557,7 @@ func createPemFile(website model.Website, websiteSSL model.WebsiteSSL) error {
 	fileOp := files.NewFileOp()
 
 	if !fileOp.Stat(configDir) {
-		if err := fileOp.CreateDir(configDir, 0775); err != nil {
+		if err := fileOp.CreateDir(configDir, constant.DirPerm); err != nil {
 			return err
 		}
 	}
@@ -576,10 +576,10 @@ func createPemFile(website model.Website, websiteSSL model.WebsiteSSL) error {
 		}
 	}
 
-	if err := fileOp.WriteFile(fullChainFile, strings.NewReader(websiteSSL.Pem), 0644); err != nil {
+	if err := fileOp.WriteFile(fullChainFile, strings.NewReader(websiteSSL.Pem), constant.DirPerm); err != nil {
 		return err
 	}
-	if err := fileOp.WriteFile(privatePemFile, strings.NewReader(websiteSSL.PrivateKey), 0644); err != nil {
+	if err := fileOp.WriteFile(privatePemFile, strings.NewReader(websiteSSL.PrivateKey), constant.DirPerm); err != nil {
 		return err
 	}
 	return nil
@@ -1019,12 +1019,12 @@ func saveCertificateFile(websiteSSL *model.WebsiteSSL, logger *log.Logger) {
 			pushErr error
 			MsgMap  = map[string]interface{}{"path": websiteSSL.Dir, "status": i18n.GetMsgByKey("Success")}
 		)
-		if pushErr = fileOp.SaveFile(path.Join(websiteSSL.Dir, "privkey.pem"), websiteSSL.PrivateKey, 0666); pushErr != nil {
+		if pushErr = fileOp.SaveFile(path.Join(websiteSSL.Dir, "privkey.pem"), websiteSSL.PrivateKey, constant.FilePerm); pushErr != nil {
 			MsgMap["status"] = i18n.GetMsgByKey("Failed")
 			logger.Println(i18n.GetMsgWithMap("PushDirLog", MsgMap))
 			logger.Println("Push dir failed:" + pushErr.Error())
 		}
-		if pushErr = fileOp.SaveFile(path.Join(websiteSSL.Dir, "fullchain.pem"), websiteSSL.Pem, 0666); pushErr != nil {
+		if pushErr = fileOp.SaveFile(path.Join(websiteSSL.Dir, "fullchain.pem"), websiteSSL.Pem, constant.FilePerm); pushErr != nil {
 			MsgMap["status"] = i18n.GetMsgByKey("Failed")
 			logger.Println(i18n.GetMsgWithMap("PushDirLog", MsgMap))
 			logger.Println("Push dir failed:" + pushErr.Error())
@@ -1227,7 +1227,7 @@ func openProxyCache(website model.Website) error {
 	cacheDir := GetSitePath(website, SiteCacheDir)
 	fileOp := files.NewFileOp()
 	if !fileOp.Stat(cacheDir) {
-		_ = fileOp.CreateDir(cacheDir, 0755)
+		_ = fileOp.CreateDir(cacheDir, constant.DirPerm)
 	}
 	content, err := fileOp.GetContent(GetSitePath(website, SiteConf))
 	if err != nil {
diff --git a/agent/app/task/task.go b/agent/app/task/task.go
index 2a89031c7..6974b4c1a 100644
--- a/agent/app/task/task.go
+++ b/agent/app/task/task.go
@@ -94,12 +94,12 @@ func NewTask(name, operate, taskScope, taskID string, resourceID uint) (*Task, e
 	}
 	logDir := path.Join(constant.LogDir, taskScope)
 	if _, err := os.Stat(logDir); os.IsNotExist(err) {
-		if err = os.MkdirAll(logDir, 0755); err != nil {
+		if err = os.MkdirAll(logDir, constant.DirPerm); err != nil {
 			return nil, fmt.Errorf("failed to create log directory: %w", err)
 		}
 	}
 	logPath := path.Join(constant.LogDir, taskScope, taskID+".log")
-	file, err := os.OpenFile(logPath, os.O_TRUNC|os.O_CREATE|os.O_WRONLY, 0666)
+	file, err := os.OpenFile(logPath, os.O_TRUNC|os.O_CREATE|os.O_WRONLY, constant.FilePerm)
 	if err != nil {
 		return nil, fmt.Errorf("failed to open log file: %w", err)
 	}
diff --git a/agent/constant/common.go b/agent/constant/common.go
index e8f7a04d2..a8c371bf8 100644
--- a/agent/constant/common.go
+++ b/agent/constant/common.go
@@ -28,3 +28,8 @@ const (
 	DateTimeLayout     = "2006-01-02 15:04:05" // or use time.DateTime while go version >= 1.20
 	DateTimeSlimLayout = "20060102150405"
 )
+
+const (
+	DirPerm  = 0755
+	FilePerm = 0644
+)
diff --git a/agent/init/app/app.go b/agent/init/app/app.go
index 86d03372b..280496b08 100644
--- a/agent/init/app/app.go
+++ b/agent/init/app/app.go
@@ -44,6 +44,6 @@ func Init() {
 
 func createDir(fileOp files.FileOp, dirPath string) {
 	if !fileOp.Stat(dirPath) {
-		_ = fileOp.CreateDir(dirPath, 0755)
+		_ = fileOp.CreateDir(dirPath, constant.DirPerm)
 	}
 }
diff --git a/agent/log/config.go b/agent/log/config.go
index 08c1d6173..22c1c27ed 100644
--- a/agent/log/config.go
+++ b/agent/log/config.go
@@ -2,6 +2,7 @@ package log
 
 import (
 	"errors"
+	"github.com/1Panel-dev/1Panel/agent/constant"
 	"io"
 	"os"
 	"path"
@@ -9,7 +10,7 @@ import (
 
 var (
 	BufferSize         = 0x100000
-	DefaultFileMode    = os.FileMode(0644)
+	DefaultFileMode    = os.FileMode(constant.DirPerm)
 	DefaultFileFlag    = os.O_RDWR | os.O_CREATE | os.O_APPEND
 	ErrInvalidArgument = errors.New("error argument invalid")
 	QueueSize          = 1024
diff --git a/agent/log/writer.go b/agent/log/writer.go
index c74979f82..36f4061ab 100644
--- a/agent/log/writer.go
+++ b/agent/log/writer.go
@@ -1,6 +1,7 @@
 package log
 
 import (
+	"github.com/1Panel-dev/1Panel/agent/constant"
 	"log"
 	"os"
 	"path"
@@ -84,7 +85,7 @@ func NewWriterFromConfig(c *Config) (RollingWriter, error) {
 		return nil, err
 	}
 	filepath := FilePath(c)
-	file, err := os.OpenFile(filepath, os.O_RDWR|os.O_CREATE|os.O_APPEND, 0644)
+	file, err := os.OpenFile(filepath, os.O_RDWR|os.O_CREATE|os.O_APPEND, constant.DirPerm)
 	if err != nil {
 		return nil, err
 	}
diff --git a/agent/server/server.go b/agent/server/server.go
index a657bb026..359803848 100644
--- a/agent/server/server.go
+++ b/agent/server/server.go
@@ -3,6 +3,7 @@ package server
 import (
 	"crypto/tls"
 	"fmt"
+	"github.com/1Panel-dev/1Panel/agent/constant"
 	"net"
 	"net/http"
 	"os"
@@ -54,7 +55,7 @@ func Start() {
 
 	if global.IsMaster {
 		_ = os.Remove("/etc/1panel/agent.sock")
-		_ = os.Mkdir("/etc/1panel", 0755)
+		_ = os.Mkdir("/etc/1panel", constant.DirPerm)
 		listener, err := net.Listen("unix", "/etc/1panel/agent.sock")
 		if err != nil {
 			panic(err)
diff --git a/agent/utils/cloud_storage/client/webdav.go b/agent/utils/cloud_storage/client/webdav.go
index c1013357c..1b3dfed98 100644
--- a/agent/utils/cloud_storage/client/webdav.go
+++ b/agent/utils/cloud_storage/client/webdav.go
@@ -3,6 +3,7 @@ package client
 import (
 	"crypto/tls"
 	"fmt"
+	"github.com/1Panel-dev/1Panel/agent/constant"
 	"io"
 	"net/http"
 	"os"
@@ -51,7 +52,7 @@ func (s webDAVClient) Upload(src, target string) (bool, error) {
 	}
 	defer srcFile.Close()
 
-	if err := s.client.WriteStream(targetFilePath, srcFile, 0644); err != nil {
+	if err := s.client.WriteStream(targetFilePath, srcFile, constant.DirPerm); err != nil {
 		return false, err
 	}
 	return true, nil
diff --git a/agent/utils/cmd/cmd.go b/agent/utils/cmd/cmd.go
index b41368d2f..49de670bb 100644
--- a/agent/utils/cmd/cmd.go
+++ b/agent/utils/cmd/cmd.go
@@ -63,7 +63,7 @@ func ExecWithTimeOut(cmdStr string, timeout time.Duration) (string, error) {
 func ExecWithLogFile(cmdStr string, timeout time.Duration, outputFile string) error {
 	cmd := exec.Command("bash", "-c", cmdStr)
 
-	outFile, err := os.OpenFile(outputFile, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0644)
+	outFile, err := os.OpenFile(outputFile, os.O_CREATE|os.O_WRONLY|os.O_APPEND, constant.DirPerm)
 	if err != nil {
 		return err
 	}
@@ -108,7 +108,7 @@ func ExecContainerScript(containerName, cmdStr string, timeout time.Duration) er
 }
 
 func ExecShell(outPath string, timeout time.Duration, name string, arg ...string) error {
-	file, err := os.OpenFile(outPath, os.O_WRONLY|os.O_CREATE, 0666)
+	file, err := os.OpenFile(outPath, os.O_WRONLY|os.O_CREATE, constant.FilePerm)
 	if err != nil {
 		return err
 	}
diff --git a/agent/utils/common/common.go b/agent/utils/common/common.go
index 8b3c2f9bd..89b3d4aa7 100644
--- a/agent/utils/common/common.go
+++ b/agent/utils/common/common.go
@@ -3,6 +3,7 @@ package common
 import (
 	"crypto/rand"
 	"fmt"
+	"github.com/1Panel-dev/1Panel/agent/constant"
 	"io"
 	mathRand "math/rand"
 	"net"
@@ -137,7 +138,7 @@ func CopyFile(src, dst string) error {
 			_ = os.MkdirAll(path.Dir(dst), os.ModePerm)
 		}
 	}
-	target, err := os.OpenFile(dst+"_temp", os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0755)
+	target, err := os.OpenFile(dst+"_temp", os.O_RDWR|os.O_CREATE|os.O_TRUNC, constant.DirPerm)
 	if err != nil {
 		return err
 	}
diff --git a/agent/utils/files/file_op.go b/agent/utils/files/file_op.go
index 45cf71104..3f5653c49 100644
--- a/agent/utils/files/file_op.go
+++ b/agent/utils/files/file_op.go
@@ -558,7 +558,7 @@ func (f FileOp) Compress(srcRiles []string, dst string, name string, cType Compr
 	}
 
 	if !f.Stat(dst) {
-		_ = f.CreateDir(dst, 0755)
+		_ = f.CreateDir(dst, constant.DirPerm)
 	}
 
 	files, err := archiver.FilesFromDisk(nil, fileMaps)
diff --git a/agent/utils/mysql/client/local.go b/agent/utils/mysql/client/local.go
index e0fd9d1c6..99a050300 100644
--- a/agent/utils/mysql/client/local.go
+++ b/agent/utils/mysql/client/local.go
@@ -224,7 +224,7 @@ func (r *Local) Backup(info BackupInfo) error {
 			return fmt.Errorf("mkdir %s failed, err: %v", info.TargetDir, err)
 		}
 	}
-	outfile, err := os.OpenFile(path.Join(info.TargetDir, info.FileName), os.O_RDWR|os.O_CREATE, 0755)
+	outfile, err := os.OpenFile(path.Join(info.TargetDir, info.FileName), os.O_RDWR|os.O_CREATE, constant.DirPerm)
 	if err != nil {
 		return fmt.Errorf("open file %s failed, err: %v", path.Join(info.TargetDir, info.FileName), err)
 	}
diff --git a/agent/utils/mysql/client/remote.go b/agent/utils/mysql/client/remote.go
index 0ccb43479..f5907770f 100644
--- a/agent/utils/mysql/client/remote.go
+++ b/agent/utils/mysql/client/remote.go
@@ -235,7 +235,7 @@ func (r *Remote) Backup(info BackupInfo) error {
 			return fmt.Errorf("mkdir %s failed, err: %v", info.TargetDir, err)
 		}
 	}
-	outfile, err := os.OpenFile(path.Join(info.TargetDir, info.FileName), os.O_RDWR|os.O_CREATE, 0755)
+	outfile, err := os.OpenFile(path.Join(info.TargetDir, info.FileName), os.O_RDWR|os.O_CREATE, constant.DirPerm)
 	if err != nil {
 		return fmt.Errorf("open file %s failed, err: %v", path.Join(info.TargetDir, info.FileName), err)
 	}
diff --git a/agent/utils/nginx/dumper.go b/agent/utils/nginx/dumper.go
index ba348d156..ad44288dd 100644
--- a/agent/utils/nginx/dumper.go
+++ b/agent/utils/nginx/dumper.go
@@ -3,6 +3,7 @@ package nginx
 import (
 	"bytes"
 	"fmt"
+	"github.com/1Panel-dev/1Panel/agent/constant"
 	"os"
 	"strings"
 
@@ -111,5 +112,5 @@ func DumpConfig(c *components.Config, style *Style) string {
 }
 
 func WriteConfig(c *components.Config, style *Style) error {
-	return os.WriteFile(c.FilePath, []byte(DumpConfig(c, style)), 0644)
+	return os.WriteFile(c.FilePath, []byte(DumpConfig(c, style)), constant.DirPerm)
 }
diff --git a/agent/utils/postgresql/client/local.go b/agent/utils/postgresql/client/local.go
index ca3604977..3d2cd3b1a 100644
--- a/agent/utils/postgresql/client/local.go
+++ b/agent/utils/postgresql/client/local.go
@@ -130,7 +130,7 @@ func (r *Local) Backup(info BackupInfo) error {
 			return fmt.Errorf("mkdir %s failed, err: %v", info.TargetDir, err)
 		}
 	}
-	outfile, err := os.OpenFile(path.Join(info.TargetDir, info.FileName), os.O_RDWR|os.O_CREATE, 0755)
+	outfile, err := os.OpenFile(path.Join(info.TargetDir, info.FileName), os.O_RDWR|os.O_CREATE, constant.DirPerm)
 	if err != nil {
 		return fmt.Errorf("open file %s failed, err: %v", path.Join(info.TargetDir, info.FileName), err)
 	}
diff --git a/core/app/service/backup.go b/core/app/service/backup.go
index 60982f646..4d929be35 100644
--- a/core/app/service/backup.go
+++ b/core/app/service/backup.go
@@ -481,7 +481,7 @@ func (u *BackupService) checkBackupConn(backup *model.BackupAccount) (bool, erro
 			return false, err
 		}
 	}
-	file, err := os.OpenFile(fileItem, os.O_WRONLY|os.O_CREATE, 0666)
+	file, err := os.OpenFile(fileItem, os.O_WRONLY|os.O_CREATE, constant.FilePerm)
 	if err != nil {
 		return false, err
 	}
diff --git a/core/app/task/task.go b/core/app/task/task.go
index dd6fbb136..5f0a5d3e6 100644
--- a/core/app/task/task.go
+++ b/core/app/task/task.go
@@ -73,12 +73,12 @@ func NewTask(name, operate, taskScope, taskID string, resourceID uint) (*Task, e
 	logItem := path.Join(global.CONF.System.BaseDir, "1panel/log")
 	logDir := path.Join(logItem, taskScope)
 	if _, err := os.Stat(logDir); os.IsNotExist(err) {
-		if err = os.MkdirAll(logDir, 0755); err != nil {
+		if err = os.MkdirAll(logDir, constant.DirPerm); err != nil {
 			return nil, fmt.Errorf("failed to create log directory: %w", err)
 		}
 	}
 	logPath := path.Join(logItem, taskScope, taskID+".log")
-	file, err := os.OpenFile(logPath, os.O_TRUNC|os.O_CREATE|os.O_WRONLY, 0666)
+	file, err := os.OpenFile(logPath, os.O_TRUNC|os.O_CREATE|os.O_WRONLY, constant.FilePerm)
 	if err != nil {
 		return nil, fmt.Errorf("failed to open log file: %w", err)
 	}
diff --git a/core/constant/common.go b/core/constant/common.go
index 61976eda9..e2fd84720 100644
--- a/core/constant/common.go
+++ b/core/constant/common.go
@@ -35,4 +35,9 @@ const (
 	GoogleRedirectURI   = "http://localhost:8080"
 )
 
+const (
+	DirPerm  = 0755
+	FilePerm = 0644
+)
+
 var CertStore atomic.Value
diff --git a/core/log/config.go b/core/log/config.go
index 08c1d6173..2757315e7 100644
--- a/core/log/config.go
+++ b/core/log/config.go
@@ -2,6 +2,7 @@ package log
 
 import (
 	"errors"
+	"github.com/1Panel-dev/1Panel/core/constant"
 	"io"
 	"os"
 	"path"
@@ -9,7 +10,7 @@ import (
 
 var (
 	BufferSize         = 0x100000
-	DefaultFileMode    = os.FileMode(0644)
+	DefaultFileMode    = os.FileMode(constant.DirPerm)
 	DefaultFileFlag    = os.O_RDWR | os.O_CREATE | os.O_APPEND
 	ErrInvalidArgument = errors.New("error argument invalid")
 	QueueSize          = 1024
diff --git a/core/log/writer.go b/core/log/writer.go
index 391a2f3ac..3f0d1abca 100644
--- a/core/log/writer.go
+++ b/core/log/writer.go
@@ -1,6 +1,7 @@
 package log
 
 import (
+	"github.com/1Panel-dev/1Panel/core/constant"
 	"log"
 	"os"
 	"path"
@@ -84,7 +85,7 @@ func NewWriterFromConfig(c *Config) (RollingWriter, error) {
 		return nil, err
 	}
 	filepath := FilePath(c)
-	file, err := os.OpenFile(filepath, os.O_RDWR|os.O_CREATE|os.O_APPEND, 0644)
+	file, err := os.OpenFile(filepath, os.O_RDWR|os.O_CREATE|os.O_APPEND, constant.DirPerm)
 	if err != nil {
 		return nil, err
 	}
diff --git a/core/middleware/session.go b/core/middleware/session.go
index 7e9d6cd0e..f301d21e1 100644
--- a/core/middleware/session.go
+++ b/core/middleware/session.go
@@ -23,7 +23,7 @@ func SessionAuth() gin.HandlerFunc {
 		}
 		psession, err := global.SESSION.Get(c)
 		if err != nil {
-			helper.ErrorWithDetail(c, constant.CodeErrUnauthorized, constant.ErrTypeNotLogin, nil)
+			helper.ErrorWithDetail(c, constant.CodeErrUnauthorized, constant.ErrTypeNotLogin, err)
 			return
 		}
 		settingRepo := repo.NewISettingRepo()
diff --git a/core/utils/cloud_storage/client/webdav.go b/core/utils/cloud_storage/client/webdav.go
index b237787c1..d4bcf6641 100644
--- a/core/utils/cloud_storage/client/webdav.go
+++ b/core/utils/cloud_storage/client/webdav.go
@@ -3,6 +3,7 @@ package client
 import (
 	"crypto/tls"
 	"fmt"
+	"github.com/1Panel-dev/1Panel/core/constant"
 	"net/http"
 	"os"
 	"path"
@@ -50,7 +51,7 @@ func (s webDAVClient) Upload(src, target string) (bool, error) {
 	}
 	defer srcFile.Close()
 
-	if err := s.client.WriteStream(targetFilePath, srcFile, 0644); err != nil {
+	if err := s.client.WriteStream(targetFilePath, srcFile, constant.DirPerm); err != nil {
 		return false, err
 	}
 	return true, nil
diff --git a/core/utils/files/files.go b/core/utils/files/files.go
index 4ed117c97..0aab25873 100644
--- a/core/utils/files/files.go
+++ b/core/utils/files/files.go
@@ -32,7 +32,7 @@ func CopyFile(src, dst string, withName bool) error {
 			_ = os.MkdirAll(path.Dir(dst), os.ModePerm)
 		}
 	}
-	target, err := os.OpenFile(dst+"_temp", os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0755)
+	target, err := os.OpenFile(dst+"_temp", os.O_RDWR|os.O_CREATE|os.O_TRUNC, constant.FilePerm)
 	if err != nil {
 		return err
 	}
diff --git a/frontend/.gitignore b/frontend/.gitignore
index 90f604a96..8e33c61de 100644
--- a/frontend/.gitignore
+++ b/frontend/.gitignore
@@ -28,3 +28,4 @@ stats.html
 *.sln
 *.sw?
 .vscode
+folder-alias.json