feat(common): Standardize Permissions for Creating Folders and Files

2025-01-31 22:18:07 +08:00 · 2024-12-20 16:08:34 +08:00 · 2024-12-20 16:08:34 +08:00 · 75142b33a4
commit 75142b33a4
parent 7008774bb5
48 changed files with 153 additions and 133 deletions
--- a/agent/app/api/v2/file.go
+++ b/agent/app/api/v2/file.go
@ -610,7 +610,7 @@ func mergeChunks(fileName string, fileDir string, dstDir string, chunkCount int,
 	dstDir = strings.TrimSpace(dstDir)
 	mode, _ := files.GetParentMode(dstDir)
 	if mode == 0 {
-		mode = 0755
+		mode = constant.DirPerm
 	}
 	if _, err := os.Stat(dstDir); err != nil && os.IsNotExist(err) {
 		if err = op.CreateDir(dstDir, mode); err != nil {
@ -681,7 +681,7 @@ func (b *BaseApi) UploadChunkFiles(c *gin.Context) {
 	fileOp := files.NewFileOp()
 	tmpDir := path.Join(global.CONF.System.TmpDir, "upload")
 	if !fileOp.Stat(tmpDir) {
-		if err := fileOp.CreateDir(tmpDir, 0755); err != nil {
+		if err := fileOp.CreateDir(tmpDir, constant.DirPerm); err != nil {
 			helper.BadRequest(c, err)
 			return
 		}
@ -692,7 +692,7 @@ func (b *BaseApi) UploadChunkFiles(c *gin.Context) {
 		if fileOp.Stat(fileDir) {
 			_ = fileOp.DeleteDir(fileDir)
 		}
-		_ = os.MkdirAll(fileDir, 0755)
+		_ = os.MkdirAll(fileDir, constant.DirPerm)
 	}
 	filePath := filepath.Join(fileDir, filename)
@ -720,7 +720,7 @@ func (b *BaseApi) UploadChunkFiles(c *gin.Context) {
 	}
 	chunkPath := filepath.Join(fileDir, fmt.Sprintf("%s.%d", filename, chunkIndex))
-	err = os.WriteFile(chunkPath, chunkData, 0644)
+	err = os.WriteFile(chunkPath, chunkData, constant.DirPerm)
 	if err != nil {
 		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, buserr.WithMap(constant.ErrFileUpload, map[string]interface{}{"name": filename, "detail": err.Error()}, err))
 		return
--- a/agent/app/service/app_install.go
+++ b/agent/app/service/app_install.go
@ -404,10 +404,10 @@ func (a *AppInstallService) Update(req request.AppInstalledUpdate) error {
 		return err
 	}
 	fileOp := files.NewFileOp()
-	_ = fileOp.WriteFile(installed.GetComposePath(), strings.NewReader(installed.DockerCompose), 0755)
+	_ = fileOp.WriteFile(installed.GetComposePath(), strings.NewReader(installed.DockerCompose), constant.DirPerm)
 	if err := rebuildApp(installed); err != nil {
 		_ = env.Write(backupEnvMaps, envPath)
-		_ = fileOp.WriteFile(installed.GetComposePath(), strings.NewReader(backupDockerCompose), 0755)
+		_ = fileOp.WriteFile(installed.GetComposePath(), strings.NewReader(backupDockerCompose), constant.DirPerm)
 		return err
 	}
 	installed.Status = constant.Running
@ -856,7 +856,7 @@ func updateInstallInfoInDB(appKey, appName, param string, value interface{}) err
 			newFiles = append(newFiles, line)
 		}
 	}
-	file, err := os.OpenFile(envPath, os.O_WRONLY|os.O_TRUNC, 0666)
+	file, err := os.OpenFile(envPath, os.O_WRONLY|os.O_TRUNC, constant.FilePerm)
 	if err != nil {
 		return err
 	}
--- a/agent/app/service/app_utils.go
+++ b/agent/app/service/app_utils.go
@ -635,7 +635,7 @@ func upgradeInstall(req request.AppInstallUpgrade) error {
 		if fileOp.Stat(sourceScripts) {
 			dstScripts := path.Join(install.GetPath(), "scripts")
 			_ = fileOp.DeleteDir(dstScripts)
-			_ = fileOp.CreateDir(dstScripts, 0755)
+			_ = fileOp.CreateDir(dstScripts, constant.DirPerm)
 			scriptCmd := exec.Command("cp", "-rf", sourceScripts+"/.", dstScripts+"/")
 			_, _ = scriptCmd.CombinedOutput()
 		}
@ -678,7 +678,7 @@ func upgradeInstall(req request.AppInstallUpgrade) error {
 				return err
 			}
 			newConfDir := path.Join(constant.DataDir, "www", "conf.d")
-			_ = fileOp.CreateDir(newConfDir, 0644)
+			_ = fileOp.CreateDir(newConfDir, constant.DirPerm)
 			oldConfDir := path.Join(install.GetPath(), "conf/conf.d")
 			items, err := os.ReadDir(oldConfDir)
 			if err != nil {
@ -732,7 +732,7 @@ func upgradeInstall(req request.AppInstallUpgrade) error {
 			return err
 		}
-		if err = fileOp.WriteFile(install.GetComposePath(), strings.NewReader(install.DockerCompose), 0775); err != nil {
+		if err = fileOp.WriteFile(install.GetComposePath(), strings.NewReader(install.DockerCompose), constant.FilePerm); err != nil {
 			return err
 		}
@ -871,10 +871,10 @@ func downloadApp(app model.App, appDetail model.AppDetail, appInstall *model.App
 		return
 	}
 	if !fileOp.Stat(appDownloadDir) {
-		_ = fileOp.CreateDir(appDownloadDir, 0755)
+		_ = fileOp.CreateDir(appDownloadDir, constant.DirPerm)
 	}
 	if !fileOp.Stat(appVersionDir) {
-		_ = fileOp.CreateDir(appVersionDir, 0755)
+		_ = fileOp.CreateDir(appVersionDir, constant.DirPerm)
 	}
 	if logger == nil {
 		global.LOG.Infof("download app[%s] from %s", app.Name, appDetail.DownloadUrl)
@ -938,7 +938,7 @@ func copyData(task *task.Task, app model.App, appDetail model.AppDetail, appInst
 	resourceDir := path.Join(appResourceDir, appKey, appDetail.Version)
 	if !fileOp.Stat(installAppDir) {
-		if err = fileOp.CreateDir(installAppDir, 0755); err != nil {
+		if err = fileOp.CreateDir(installAppDir, constant.DirPerm); err != nil {
 			return
 		}
 	}
@ -962,7 +962,7 @@ func copyData(task *task.Task, app model.App, appDetail model.AppDetail, appInst
 	if err = env.Write(envParams, envPath); err != nil {
 		return
 	}
-	if err := fileOp.WriteFile(appInstall.GetComposePath(), strings.NewReader(appInstall.DockerCompose), 0755); err != nil {
+	if err := fileOp.WriteFile(appInstall.GetComposePath(), strings.NewReader(appInstall.DockerCompose), constant.DirPerm); err != nil {
 		return err
 	}
 	return
--- a/agent/app/service/backup_app.go
+++ b/agent/app/service/backup_app.go
@ -303,7 +303,7 @@ func handleAppRecover(install *model.AppInstall, parentTask *task.Task, recoverF
 		appDir := install.GetPath()
 		backPath := fmt.Sprintf("%s_bak", appDir)
 		_ = fileOp.Rename(appDir, backPath)
-		_ = fileOp.CreateDir(appDir, 0755)
+		_ = fileOp.CreateDir(appDir, constant.DirPerm)
 		deCompressName := i18n.GetWithName("DeCompressFile", "app.tar.gz")
 		t.LogStart(deCompressName)
--- a/agent/app/service/backup_runtime.go
+++ b/agent/app/service/backup_runtime.go
@ -98,7 +98,7 @@ func handleRuntimeRecover(runtime *model.Runtime, recoverFile string, isRollback
 	runtimeDir := runtime.GetPath()
 	backPath := fmt.Sprintf("%s_bak", runtimeDir)
 	_ = fileOp.Rename(runtimeDir, backPath)
-	_ = fileOp.CreateDir(runtimeDir, 0755)
+	_ = fileOp.CreateDir(runtimeDir, constant.DirPerm)
 	if err := handleUnTar(tmpPath+"/runtime.tar.gz", fmt.Sprintf("%s/%s", constant.RuntimeDir, runtime.Type), secret); err != nil {
 		global.LOG.Errorf("handle recover from runtime.tar.gz failed, err: %v", err)
--- a/agent/app/service/container.go
+++ b/agent/app/service/container.go
@ -773,7 +773,7 @@ func (u *ContainerService) ContainerLogClean(req dto.OperationWithName) error {
 	if err := client.ContainerStop(ctx, containerItem.ID, container.StopOptions{}); err != nil {
 		return err
 	}
-	file, err := os.OpenFile(containerItem.LogPath, os.O_RDWR|os.O_CREATE, 0666)
+	file, err := os.OpenFile(containerItem.LogPath, os.O_RDWR|os.O_CREATE, constant.FilePerm)
 	if err != nil {
 		return err
 	}
--- a/agent/app/service/container_compose.go
+++ b/agent/app/service/container_compose.go
@ -298,7 +298,7 @@ func (u *ContainerService) loadPath(req *dto.ComposeCreate) error {
 		}
 		path := fmt.Sprintf("%s/docker-compose.yml", dir)
-		file, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0666)
+		file, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, constant.FilePerm)
 		if err != nil {
 			return err
 		}
@ -350,7 +350,7 @@ func newComposeEnv(pathItem string, env []string) error {
 		return nil
 	}
 	envFilePath := path.Join(path.Dir(pathItem), "1panel.env")
-	file, err := os.OpenFile(envFilePath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0666)
+	file, err := os.OpenFile(envFilePath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, constant.FilePerm)
 	if err != nil {
 		global.LOG.Errorf("failed to create env file: %v", err)
 		return err
--- a/agent/app/service/cronjob.go
+++ b/agent/app/service/cronjob.go
@ -351,7 +351,7 @@ func mkdirAndWriteFile(cronjob *model.Cronjob, startTime time.Time, msg []byte)
 	path := fmt.Sprintf("%s/%s.log", dir, startTime.Format(constant.DateTimeSlimLayout))
 	global.LOG.Infof("cronjob %s has generated some logs %s", cronjob.Name, path)
-	file, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE, 0666)
+	file, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE, constant.FilePerm)
 	if err != nil {
 		return "", err
 	}
--- a/agent/app/service/cronjob_helper.go
+++ b/agent/app/service/cronjob_helper.go
@ -106,7 +106,7 @@ func (u *CronjobService) handleShell(cronjob model.Cronjob, logPath string) erro
 	if cronjob.ScriptMode == "input" {
 		fileItem := pathUtils.Join(global.CONF.System.BaseDir, "1panel", "task", "shell", cronjob.Name, cronjob.Name+".sh")
 		_ = os.MkdirAll(pathUtils.Dir(fileItem), os.ModePerm)
-		shellFile, err := os.OpenFile(fileItem, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0666)
+		shellFile, err := os.OpenFile(fileItem, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, constant.FilePerm)
 		if err != nil {
 			return err
 		}
@ -234,7 +234,7 @@ func (u *CronjobService) handleCutWebsiteLog(cronjob *model.Cronjob, startTime t
 		srcErrorLogPath := pathUtils.Join(websiteLogDir, "error.log")
 		dstLogDir := pathUtils.Join(global.CONF.System.Backup, "log", "website", website.Alias)
 		if !fileOp.Stat(dstLogDir) {
-			_ = os.MkdirAll(dstLogDir, 0755)
+			_ = os.MkdirAll(dstLogDir, constant.DirPerm)
 		}
 		dstName := fmt.Sprintf("%s_log_%s.gz", website.PrimaryDomain, startTime.Format(constant.DateTimeSlimLayout))
@ -248,8 +248,8 @@ func (u *CronjobService) handleCutWebsiteLog(cronjob *model.Cronjob, startTime t
 			global.LOG.Error(websiteErr.Error())
 			continue
 		} else {
-			_ = fileOp.WriteFile(srcAccessLogPath, strings.NewReader(""), 0755)
+			_ = fileOp.WriteFile(srcAccessLogPath, strings.NewReader(""), constant.DirPerm)
-			_ = fileOp.WriteFile(srcErrorLogPath, strings.NewReader(""), 0755)
+			_ = fileOp.WriteFile(srcErrorLogPath, strings.NewReader(""), constant.DirPerm)
 		}
 		msg := i18n.GetMsgWithMap("CutWebsiteLogSuccess", map[string]interface{}{"name": website.PrimaryDomain, "path": dstFilePath})
 		msgs = append(msgs, msg)
--- a/agent/app/service/database_mysql.go
+++ b/agent/app/service/database_mysql.go
@ -448,7 +448,7 @@ func (u *MysqlService) UpdateVariables(req dto.MysqlVariablesUpdate) error {
 			files = updateMyCnf(files, group, info.Param, info.Value)
 		}
 	}
-	file, err := os.OpenFile(path, os.O_WRONLY|os.O_TRUNC, 0666)
+	file, err := os.OpenFile(path, os.O_WRONLY|os.O_TRUNC, constant.FilePerm)
 	if err != nil {
 		return err
 	}
--- a/agent/app/service/database_redis.go
+++ b/agent/app/service/database_redis.go
@ -273,7 +273,7 @@ func confSet(redisName string, updateType string, changeConf []redisConfig) erro
 	}
 	newFiles = append(newFiles, "# End Redis configuration rewrite by 1Panel")
-	file, err := os.OpenFile(path, os.O_WRONLY|os.O_TRUNC, 0666)
+	file, err := os.OpenFile(path, os.O_WRONLY|os.O_TRUNC, constant.FilePerm)
 	if err != nil {
 		return err
 	}
--- a/agent/app/service/file.go
+++ b/agent/app/service/file.go
@ -192,7 +192,7 @@ func (f *FileService) Create(op request.FileCreate) error {
 		if err == nil {
 			mode = int64(fileInfo.Mode().Perm())
 		} else {
-			mode = 0755
+			mode = constant.DirPerm
 		}
 	}
 	if op.IsDir {
--- a/agent/app/service/firewall.go
+++ b/agent/app/service/firewall.go
@ -589,7 +589,7 @@ func (u *FirewallService) updatePingStatus(enable string) error {
 	if !hasLine {
 		newFiles = append(newFiles, "net/ipv4/icmp_echo_ignore_all="+enable)
 	}
-	file, err := os.OpenFile(confPath, os.O_WRONLY|os.O_TRUNC, 0666)
+	file, err := os.OpenFile(confPath, os.O_WRONLY|os.O_TRUNC, constant.FilePerm)
 	if err != nil {
 		return err
 	}
--- a/agent/app/service/host_tool.go
+++ b/agent/app/service/host_tool.go
@ -157,13 +157,13 @@ func (h *HostToolService) CreateToolConfig(req request.HostToolCreate) error {
 		supervisorDir := path.Join(global.CONF.System.BaseDir, "1panel", "tools", "supervisord")
 		includeDir := path.Join(supervisorDir, "supervisor.d")
 		if !fileOp.Stat(includeDir) {
-			if err = fileOp.CreateDir(includeDir, 0755); err != nil {
+			if err = fileOp.CreateDir(includeDir, constant.DirPerm); err != nil {
 				return err
 			}
 		}
 		logDir := path.Join(supervisorDir, "log")
 		if !fileOp.Stat(logDir) {
-			if err = fileOp.CreateDir(logDir, 0755); err != nil {
+			if err = fileOp.CreateDir(logDir, constant.DirPerm); err != nil {
 				return err
 			}
 		}
@ -466,7 +466,7 @@ func handleSupervisorFile(req request.SupervisorProcessFileReq, includeDir, cont
 			}
 			return string(content), nil
 		case "clear":
-			if err = fileOp.WriteFile(logFile, strings.NewReader(""), 0755); err != nil {
+			if err = fileOp.WriteFile(logFile, strings.NewReader(""), constant.DirPerm); err != nil {
 				return "", err
 			}
 		}
@ -486,7 +486,7 @@ func handleSupervisorFile(req request.SupervisorProcessFileReq, includeDir, cont
 			}
 			return string(content), nil
 		case "clear":
-			if err = fileOp.WriteFile(logFile, strings.NewReader(""), 0755); err != nil {
+			if err = fileOp.WriteFile(logFile, strings.NewReader(""), constant.DirPerm); err != nil {
 				return "", err
 			}
 		}
@ -503,7 +503,7 @@ func handleSupervisorFile(req request.SupervisorProcessFileReq, includeDir, cont
 			if req.Content == "" {
 				return "", buserr.New("ErrConfigIsNull")
 			}
-			if err := fileOp.WriteFile(configPath, strings.NewReader(req.Content), 0755); err != nil {
+			if err := fileOp.WriteFile(configPath, strings.NewReader(req.Content), constant.DirPerm); err != nil {
 				return "", err
 			}
 			return "", operateSupervisorCtl("update", "", req.Name, includeDir, containerName)
--- a/agent/app/service/image.go
+++ b/agent/app/service/image.go
@ -170,7 +170,7 @@ func (u *ImageService) ImageBuild(req dto.ImageBuild) error {
 		}
 		pathItem := fmt.Sprintf("%s/Dockerfile", dir)
-		file, err := os.OpenFile(pathItem, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0666)
+		file, err := os.OpenFile(pathItem, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, constant.FilePerm)
 		if err != nil {
 			return err
 		}
@ -317,7 +317,7 @@ func (u *ImageService) ImageSave(req dto.ImageSave) error {
 		return err
 	}
 	defer out.Close()
-	file, err := os.OpenFile(fmt.Sprintf("%s/%s.tar", req.Path, req.Name), os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0666)
+	file, err := os.OpenFile(fmt.Sprintf("%s/%s.tar", req.Path, req.Name), os.O_WRONLY|os.O_CREATE|os.O_EXCL, constant.FilePerm)
 	if err != nil {
 		return err
 	}
--- a/agent/app/service/nginx.go
+++ b/agent/app/service/nginx.go
@ -136,7 +136,7 @@ func (n NginxService) UpdateConfigFile(req request.NginxConfigFileUpdate) error
 	if req.Backup {
 		backupPath := path.Join(path.Dir(filePath), "bak")
 		if !fileOp.Stat(backupPath) {
-			if err := fileOp.CreateDir(backupPath, 0755); err != nil {
+			if err := fileOp.CreateDir(backupPath, constant.DirPerm); err != nil {
 				return err
 			}
 		}
@ -152,12 +152,12 @@ func (n NginxService) UpdateConfigFile(req request.NginxConfigFileUpdate) error
 	if err != nil {
 		return err
 	}
-	if err = fileOp.WriteFile(filePath, strings.NewReader(req.Content), 0644); err != nil {
+	if err = fileOp.WriteFile(filePath, strings.NewReader(req.Content), constant.DirPerm); err != nil {
 		return err
 	}
 	if status, err := checkContainerStatus(nginxInstall.ContainerName); err == nil && status != "running" {
 		if out, err := compose.DownAndUp(nginxInstall.GetComposePath()); err != nil {
-			_ = fileOp.SaveFile(filePath, string(oldContent), 0644)
+			_ = fileOp.SaveFile(filePath, string(oldContent), constant.DirPerm)
 			return fmt.Errorf("nginx restart failed: %v", out)
 		} else {
 			return nginxCheckAndReload(string(oldContent), filePath, nginxInstall.ContainerName)
@ -207,7 +207,7 @@ func (n NginxService) Build(req request.NginxBuildReq) error {
 	)
 	if len(moduleContent) > 0 {
 		_ = json.Unmarshal(moduleContent, &modules)
-		bashFile, err := os.OpenFile(path.Join(buildPath, "tmp", "pre.sh"), os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0755)
+		bashFile, err := os.OpenFile(path.Join(buildPath, "tmp", "pre.sh"), os.O_CREATE|os.O_WRONLY|os.O_TRUNC, constant.DirPerm)
 		if err != nil {
 			return err
 		}
@ -358,5 +358,5 @@ func (n NginxService) UpdateModule(req request.NginxModuleUpdate) error {
 	if err != nil {
 		return err
 	}
-	return fileOp.SaveFileWithByte(moduleConfigPath, moduleByte, 0644)
+	return fileOp.SaveFileWithByte(moduleConfigPath, moduleByte, constant.DirPerm)
 }
--- a/agent/app/service/nginx_utils.go
+++ b/agent/app/service/nginx_utils.go
@ -220,11 +220,11 @@ func opNginx(containerName, operate string) error {
 func nginxCheckAndReload(oldContent string, filePath string, containerName string) error {
 	if err := opNginx(containerName, constant.NginxCheck); err != nil {
-		_ = files.NewFileOp().WriteFile(filePath, strings.NewReader(oldContent), 0644)
+		_ = files.NewFileOp().WriteFile(filePath, strings.NewReader(oldContent), constant.DirPerm)
 		return err
 	}
 	if err := opNginx(containerName, constant.NginxReload); err != nil {
-		_ = files.NewFileOp().WriteFile(filePath, strings.NewReader(oldContent), 0644)
+		_ = files.NewFileOp().WriteFile(filePath, strings.NewReader(oldContent), constant.DirPerm)
 		return err
 	}
 	return nil
--- a/agent/app/service/recycle_bin.go
+++ b/agent/app/service/recycle_bin.go
@ -175,7 +175,7 @@ func getClashDir(realPath string) (string, error) {
 func createClashDir(clashDir string) error {
 	op := files.NewFileOp()
 	if !op.Stat(clashDir) {
-		if err := op.CreateDir(clashDir, 0755); err != nil {
+		if err := op.CreateDir(clashDir, constant.DirPerm); err != nil {
 			return err
 		}
 	}
--- a/agent/app/service/runtime.go
+++ b/agent/app/service/runtime.go
@ -928,13 +928,13 @@ func (r *RuntimeService) UpdatePHPConfig(req request.PHPConfigUpdate) (err error
 		}
 	}
 	updatedContent := strings.Join(lines, "\n")
-	if err := fileOp.WriteFile(phpConfigPath, strings.NewReader(updatedContent), 0755); err != nil {
+	if err := fileOp.WriteFile(phpConfigPath, strings.NewReader(updatedContent), constant.DirPerm); err != nil {
 		return err
 	}
 	err = restartRuntime(runtime)
 	if err != nil {
-		_ = fileOp.WriteFile(phpConfigPath, strings.NewReader(string(contentBytes)), 0755)
+		_ = fileOp.WriteFile(phpConfigPath, strings.NewReader(string(contentBytes)), constant.DirPerm)
 		return err
 	}
 	return
@ -973,7 +973,7 @@ func (r *RuntimeService) UpdatePHPConfigFile(req request.PHPFileUpdate) error {
 	} else {
 		configPath = path.Join(runtime.GetPath(), "conf", "php.ini")
 	}
-	if err := files.NewFileOp().WriteFile(configPath, strings.NewReader(req.Content), 0755); err != nil {
+	if err := files.NewFileOp().WriteFile(configPath, strings.NewReader(req.Content), constant.DirPerm); err != nil {
 		return err
 	}
 	if _, err := compose.Restart(runtime.GetComposePath()); err != nil {
--- a/agent/app/service/runtime_utils.go
+++ b/agent/app/service/runtime_utils.go
@ -132,7 +132,7 @@ func runComposeCmdWithLog(operate string, composePath string, logPath string) er
 	if operate == "up" {
 		cmd = exec.Command("docker", "compose", "-f", composePath, operate, "-d")
 	}
-	logFile, err := os.OpenFile(logPath, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0666)
+	logFile, err := os.OpenFile(logPath, os.O_CREATE|os.O_WRONLY|os.O_APPEND, constant.FilePerm)
 	if err != nil {
 		global.LOG.Errorf("Failed to open log file: %v", err)
 		return err
@ -208,7 +208,7 @@ func buildRuntime(runtime *model.Runtime, oldImageID string, oldEnv string, rebu
 	composePath := runtime.GetComposePath()
 	logPath := path.Join(runtimePath, "build.log")
-	logFile, err := os.OpenFile(logPath, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0666)
+	logFile, err := os.OpenFile(logPath, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, constant.FilePerm)
 	if err != nil {
 		global.LOG.Errorf("failed to open log file: %v", err)
 		return
@ -502,7 +502,7 @@ func handleCompose(env gotenv.Env, composeContent []byte, create request.Runtime
 		return
 	}
 	fileOp := files.NewFileOp()
-	_ = fileOp.SaveFile(path.Join(projectDir, "docker-compose.yml"), string(composeByte), 0644)
+	_ = fileOp.SaveFile(path.Join(projectDir, "docker-compose.yml"), string(composeByte), constant.DirPerm)
 	return
 }
--- a/agent/app/service/ssh.go
+++ b/agent/app/service/ssh.go
@ -156,7 +156,7 @@ func (u *SSHService) Update(req dto.SSHUpdate) error {
 	}
 	lines := strings.Split(string(sshConf), "\n")
 	newFiles := updateSSHConf(lines, req.Key, req.NewValue)
-	file, err := os.OpenFile(sshPath, os.O_WRONLY|os.O_TRUNC, 0666)
+	file, err := os.OpenFile(sshPath, os.O_WRONLY|os.O_TRUNC, constant.FilePerm)
 	if err != nil {
 		return err
 	}
@ -200,7 +200,7 @@ func (u *SSHService) UpdateByFile(value string) error {
 		return err
 	}
-	file, err := os.OpenFile(sshPath, os.O_WRONLY|os.O_TRUNC, 0666)
+	file, err := os.OpenFile(sshPath, os.O_WRONLY|os.O_TRUNC, constant.FilePerm)
 	if err != nil {
 		return err
 	}
--- a/agent/app/service/website.go
+++ b/agent/app/service/website.go
@ -719,7 +719,7 @@ func (w WebsiteService) CreateWebsiteDomain(create request.WebsiteDomainCreate)
 		if err != nil {
 			return nil, err
 		}
-		if err := fileOp.SaveFileWithByte(websitesConfigPath, websitesContent, 0644); err != nil {
+		if err := fileOp.SaveFileWithByte(websitesConfigPath, websitesContent, constant.DirPerm); err != nil {
 			return nil, err
 		}
 	}
@ -816,7 +816,7 @@ func (w WebsiteService) DeleteWebsiteDomain(domainId uint) error {
 		if err != nil {
 			return err
 		}
-		if err = fileOp.SaveFileWithByte(websitesConfigPath, websitesContent, 0644); err != nil {
+		if err = fileOp.SaveFileWithByte(websitesConfigPath, websitesContent, constant.DirPerm); err != nil {
 			return err
 		}
 	}
@ -1169,7 +1169,7 @@ func (w WebsiteService) UpdateNginxConfigFile(req request.WebsiteNginxUpdate) er
 	}
 	filePath := nginxFull.SiteConfig.FilePath
-	if err = files.NewFileOp().WriteFile(filePath, strings.NewReader(req.Content), 0755); err != nil {
+	if err = files.NewFileOp().WriteFile(filePath, strings.NewReader(req.Content), constant.DirPerm); err != nil {
 		return err
 	}
 	return nginxCheckAndReload(nginxFull.SiteConfig.OldContent, filePath, nginxFull.Install.ContainerName)
@ -1248,7 +1248,7 @@ func (w WebsiteService) OpWebsiteLog(req request.WebsiteLogReq) (*response.Websi
 		}
 	case constant.DeleteLog:
 		logPath := path.Join(sitePath, "log", req.LogType)
-		if err := files.NewFileOp().WriteFile(logPath, strings.NewReader(""), 0755); err != nil {
+		if err := files.NewFileOp().WriteFile(logPath, strings.NewReader(""), constant.DirPerm); err != nil {
 			return nil, err
 		}
 	}
@ -1404,7 +1404,7 @@ func (w WebsiteService) UpdateRewriteConfig(req request.NginxRewriteUpdate) erro
 	fileOp := files.NewFileOp()
 	var oldRewriteContent []byte
 	if !fileOp.Stat(path.Dir(absolutePath)) {
-		if err := fileOp.CreateDir(path.Dir(absolutePath), 0755); err != nil {
+		if err := fileOp.CreateDir(path.Dir(absolutePath), constant.DirPerm); err != nil {
 			return err
 		}
 	}
@ -1418,12 +1418,12 @@ func (w WebsiteService) UpdateRewriteConfig(req request.NginxRewriteUpdate) erro
 			return err
 		}
 	}
-	if err := fileOp.WriteFile(absolutePath, strings.NewReader(req.Content), 0755); err != nil {
+	if err := fileOp.WriteFile(absolutePath, strings.NewReader(req.Content), constant.DirPerm); err != nil {
 		return err
 	}
 	if err := updateNginxConfig(constant.NginxScopeServer, []dto.NginxParam{{Name: "include", Params: []string{includePath}}}, &website); err != nil {
-		_ = fileOp.WriteFile(absolutePath, bytes.NewReader(oldRewriteContent), 0755)
+		_ = fileOp.WriteFile(absolutePath, bytes.NewReader(oldRewriteContent), constant.DirPerm)
 		return err
 	}
 	website.Rewrite = req.Name
@ -1463,7 +1463,7 @@ func (w WebsiteService) OperateCustomRewrite(req request.CustomRewriteOperate) e
 	rewriteDir := GetOpenrestyDir(DefaultRewriteDir)
 	fileOp := files.NewFileOp()
 	if !fileOp.Stat(rewriteDir) {
-		if err := fileOp.CreateDir(rewriteDir, 0755); err != nil {
+		if err := fileOp.CreateDir(rewriteDir, constant.DirPerm); err != nil {
 			return err
 		}
 	}
@ -1473,7 +1473,7 @@ func (w WebsiteService) OperateCustomRewrite(req request.CustomRewriteOperate) e
 		if fileOp.Stat(rewriteFile) {
 			return buserr.New(constant.ErrNameIsExist)
 		}
-		return fileOp.WriteFile(rewriteFile, strings.NewReader(req.Content), 0755)
+		return fileOp.WriteFile(rewriteFile, strings.NewReader(req.Content), constant.DirPerm)
 	case "delete":
 		return fileOp.DeleteFile(rewriteFile)
 	}
@ -1552,7 +1552,7 @@ func (w WebsiteService) OperateProxy(req request.WebsiteProxyConfig) (err error)
 	fileOp := files.NewFileOp()
 	includeDir := GetSitePath(website, SiteProxyDir)
 	if !fileOp.Stat(includeDir) {
-		_ = fileOp.CreateDir(includeDir, 0755)
+		_ = fileOp.CreateDir(includeDir, constant.DirPerm)
 	}
 	fileName := fmt.Sprintf("%s.conf", req.Name)
 	includePath := path.Join(includeDir, fileName)
@ -1570,7 +1570,7 @@ func (w WebsiteService) OperateProxy(req request.WebsiteProxyConfig) (err error)
 			case "create":
 				_ = fileOp.DeleteFile(includePath)
 			case "edit":
-				_ = fileOp.WriteFile(includePath, bytes.NewReader(oldContent), 0755)
+				_ = fileOp.WriteFile(includePath, bytes.NewReader(oldContent), constant.DirPerm)
 			}
 		}
 	}()
@ -1654,7 +1654,7 @@ func (w WebsiteService) UpdateProxyCache(req request.NginxProxyCacheUpdate) (err
 	cacheDir := GetSitePath(website, SiteCacheDir)
 	fileOp := files.NewFileOp()
 	if !fileOp.Stat(cacheDir) {
-		_ = fileOp.CreateDir(cacheDir, 0755)
+		_ = fileOp.CreateDir(cacheDir, constant.DirPerm)
 	}
 	if req.Open {
 		proxyCachePath := fmt.Sprintf("/www/sites/%s/cache levels=1:2 keys_zone=proxy_cache_zone_of_%s:%d%s max_size=%d%s inactive=%d%s", website.Alias, website.Alias, req.ShareCache, req.ShareCacheUnit, req.CacheLimit, req.CacheLimitUnit, req.CacheExpire, req.CacheExpireUnit)
@ -1811,12 +1811,12 @@ func (w WebsiteService) UpdateProxyFile(req request.NginxProxyUpdate) (err error
 	if err != nil {
 		return err
 	}
-	if err = fileOp.WriteFile(absolutePath, strings.NewReader(req.Content), 0755); err != nil {
+	if err = fileOp.WriteFile(absolutePath, strings.NewReader(req.Content), constant.DirPerm); err != nil {
 		return err
 	}
 	defer func() {
 		if err != nil {
-			_ = fileOp.WriteFile(absolutePath, bytes.NewReader(oldRewriteContent), 0755)
+			_ = fileOp.WriteFile(absolutePath, bytes.NewReader(oldRewriteContent), constant.DirPerm)
 		}
 	}()
 	return updateNginxConfig(constant.NginxScopeServer, nil, &website)
@ -1886,7 +1886,7 @@ func (w WebsiteService) UpdateAuthBasic(req request.NginxAuthUpdate) (err error)
 	absoluteAuthPath := path.Join(nginxInstall.GetPath(), authPath)
 	fileOp := files.NewFileOp()
 	if !fileOp.Stat(path.Dir(absoluteAuthPath)) {
-		_ = fileOp.CreateDir(path.Dir(absoluteAuthPath), 0755)
+		_ = fileOp.CreateDir(path.Dir(absoluteAuthPath), constant.DirPerm)
 	}
 	if !fileOp.Stat(absoluteAuthPath) {
 		_ = fileOp.CreateFile(absoluteAuthPath)
@ -2076,11 +2076,11 @@ func (w WebsiteService) UpdatePathAuthBasic(req request.NginxPathAuthUpdate) err
 	fileOp := files.NewFileOp()
 	authDir := path.Join(nginxInstall.GetPath(), "www", "sites", website.Alias, "path_auth")
 	if !fileOp.Stat(authDir) {
-		_ = fileOp.CreateDir(authDir, 0755)
+		_ = fileOp.CreateDir(authDir, constant.DirPerm)
 	}
 	passDir := path.Join(authDir, "pass")
 	if !fileOp.Stat(passDir) {
-		_ = fileOp.CreateDir(passDir, 0755)
+		_ = fileOp.CreateDir(passDir, constant.DirPerm)
 	}
 	confPath := path.Join(authDir, fmt.Sprintf("%s.conf", req.Name))
 	passPath := path.Join(passDir, fmt.Sprintf("%s.pass", req.Name))
@ -2122,7 +2122,7 @@ func (w WebsiteService) UpdatePathAuthBasic(req request.NginxPathAuthUpdate) err
 	if req.Remark != "" {
 		line = fmt.Sprintf("%s:%s:%s\n", req.Username, passwdHash, req.Remark)
 	}
-	_ = fileOp.SaveFile(passPath, line, 0644)
+	_ = fileOp.SaveFile(passPath, line, constant.DirPerm)
 	if err = nginx.WriteConfig(config, nginx.IndentedStyle); err != nil {
 		return buserr.WithErr(constant.ErrUpdateBuWebsite, err)
 	}
@ -2214,7 +2214,7 @@ func (w WebsiteService) UpdateAntiLeech(req request.NginxAntiLeechUpdate) (err e
 		return
 	}
 	if err = updateNginxConfig(constant.NginxScopeServer, nil, &website); err != nil {
-		_ = fileOp.WriteFile(nginxFull.SiteConfig.Config.FilePath, bytes.NewReader(backupContent), 0755)
+		_ = fileOp.WriteFile(nginxFull.SiteConfig.Config.FilePath, bytes.NewReader(backupContent), constant.DirPerm)
 		return
 	}
 	return
@ -2311,7 +2311,7 @@ func (w WebsiteService) OperateRedirect(req request.NginxRedirectReq) (err error
 	includeDir := GetSitePath(website, SiteRedirectDir)
 	fileOp := files.NewFileOp()
 	if !fileOp.Stat(includeDir) {
-		_ = fileOp.CreateDir(includeDir, 0755)
+		_ = fileOp.CreateDir(includeDir, constant.DirPerm)
 	}
 	fileName := fmt.Sprintf("%s.conf", req.Name)
 	includePath := path.Join(includeDir, fileName)
@ -2329,7 +2329,7 @@ func (w WebsiteService) OperateRedirect(req request.NginxRedirectReq) (err error
 			case "create":
 				_ = fileOp.DeleteFile(includePath)
 			case "edit":
-				_ = fileOp.WriteFile(includePath, bytes.NewReader(oldContent), 0755)
+				_ = fileOp.WriteFile(includePath, bytes.NewReader(oldContent), constant.DirPerm)
 			}
 		}
 	}()
@ -2597,12 +2597,12 @@ func (w WebsiteService) UpdateRedirectFile(req request.NginxRedirectUpdate) (err
 	if err != nil {
 		return err
 	}
-	if err = fileOp.WriteFile(absolutePath, strings.NewReader(req.Content), 0755); err != nil {
+	if err = fileOp.WriteFile(absolutePath, strings.NewReader(req.Content), constant.DirPerm); err != nil {
 		return err
 	}
 	defer func() {
 		if err != nil {
-			_ = fileOp.WriteFile(absolutePath, bytes.NewReader(oldRewriteContent), 0755)
+			_ = fileOp.WriteFile(absolutePath, bytes.NewReader(oldRewriteContent), constant.DirPerm)
 		}
 	}()
 	return updateNginxConfig(constant.NginxScopeServer, nil, &website)
@ -2662,7 +2662,7 @@ func (w WebsiteService) GetDefaultHtml(resourceType string) (*response.WebsiteHt
 	fileOp := files.NewFileOp()
 	defaultPath := path.Join(rootPath, "default")
 	if !fileOp.Stat(defaultPath) {
-		_ = fileOp.CreateDir(defaultPath, 0755)
+		_ = fileOp.CreateDir(defaultPath, constant.DirPerm)
 	}
 	res := &response.WebsiteHtmlRes{}
@ -2721,7 +2721,7 @@ func (w WebsiteService) UpdateDefaultHtml(req request.WebsiteHtmlUpdate) error {
 	fileOp := files.NewFileOp()
 	defaultPath := path.Join(rootPath, "default")
 	if !fileOp.Stat(defaultPath) {
-		_ = fileOp.CreateDir(defaultPath, 0755)
+		_ = fileOp.CreateDir(defaultPath, constant.DirPerm)
 	}
 	var resourcePath string
 	switch req.Type {
@ -2738,7 +2738,7 @@ func (w WebsiteService) UpdateDefaultHtml(req request.WebsiteHtmlUpdate) error {
 	default:
 		return nil
 	}
-	return fileOp.SaveFile(resourcePath, req.Content, 0644)
+	return fileOp.SaveFile(resourcePath, req.Content, constant.DirPerm)
 }
 func (w WebsiteService) GetLoadBalances(id uint) ([]dto.NginxUpstream, error) {
@ -2848,7 +2848,7 @@ func (w WebsiteService) CreateLoadBalance(req request.WebsiteLBCreate) error {
 	includeDir := path.Join(nginxInstall.GetPath(), "www", "sites", website.Alias, "upstream")
 	fileOp := files.NewFileOp()
 	if !fileOp.Stat(includeDir) {
-		_ = fileOp.CreateDir(includeDir, 0644)
+		_ = fileOp.CreateDir(includeDir, constant.DirPerm)
 	}
 	filePath := path.Join(includeDir, fmt.Sprintf("%s.conf", req.Name))
 	if fileOp.Stat(filePath) {
@ -3020,12 +3020,12 @@ func (w WebsiteService) UpdateLoadBalanceFile(req request.WebsiteLBUpdateFile) e
 	if err != nil {
 		return err
 	}
-	if err = fileOp.WriteFile(filePath, strings.NewReader(req.Content), 0755); err != nil {
+	if err = fileOp.WriteFile(filePath, strings.NewReader(req.Content), constant.DirPerm); err != nil {
 		return err
 	}
 	defer func() {
 		if err != nil {
-			_ = fileOp.WriteFile(filePath, bytes.NewReader(oldContent), 0755)
+			_ = fileOp.WriteFile(filePath, bytes.NewReader(oldContent), constant.DirPerm)
 		}
 	}()
 	return opNginx(nginxInstall.ContainerName, constant.NginxReload)
--- a/agent/app/service/website_ca.go
+++ b/agent/app/service/website_ca.go
@ -365,7 +365,7 @@ func (w WebsiteCAService) ObtainSSL(req request.WebsiteCAObtain) (*model.Website
 		}
 	}
-	logFile, _ := os.OpenFile(path.Join(constant.SSLLogDir, fmt.Sprintf("%s-ssl-%d.log", websiteSSL.PrimaryDomain, websiteSSL.ID)), os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0666)
+	logFile, _ := os.OpenFile(path.Join(constant.SSLLogDir, fmt.Sprintf("%s-ssl-%d.log", websiteSSL.PrimaryDomain, websiteSSL.ID)), os.O_CREATE|os.O_WRONLY|os.O_TRUNC, constant.FilePerm)
 	defer logFile.Close()
 	logger := log.New(logFile, "", log.LstdFlags)
 	logger.Println(i18n.GetMsgWithMap("ApplySSLSuccess", map[string]interface{}{"domain": strings.Join(domains, ",")}))
@ -430,13 +430,13 @@ func (w WebsiteCAService) DownloadFile(id uint) (*os.File, error) {
 			return nil, err
 		}
 	}
-	if err = fileOp.CreateDir(dir, 0666); err != nil {
+	if err = fileOp.CreateDir(dir, constant.DirPerm); err != nil {
 		return nil, err
 	}
-	if err = fileOp.WriteFile(path.Join(dir, "ca.csr"), strings.NewReader(ca.CSR), 0644); err != nil {
+	if err = fileOp.WriteFile(path.Join(dir, "ca.csr"), strings.NewReader(ca.CSR), constant.DirPerm); err != nil {
 		return nil, err
 	}
-	if err = fileOp.WriteFile(path.Join(dir, "private.key"), strings.NewReader(ca.PrivateKey), 0644); err != nil {
+	if err = fileOp.WriteFile(path.Join(dir, "private.key"), strings.NewReader(ca.PrivateKey), constant.DirPerm); err != nil {
 		return nil, err
 	}
 	fileName := ca.Name + ".zip"
--- a/agent/app/service/website_ssl.go
+++ b/agent/app/service/website_ssl.go
@ -137,7 +137,7 @@ func (w WebsiteSSLService) Create(create request.WebsiteSSLCreate) (request.Webs
 	if create.PushDir {
 		fileOP := files.NewFileOp()
 		if !fileOP.Stat(create.Dir) {
-			_ = fileOP.CreateDir(create.Dir, 0755)
+			_ = fileOP.CreateDir(create.Dir, constant.DirPerm)
 		}
 		websiteSSL.Dir = create.Dir
 	}
@ -295,7 +295,7 @@ func (w WebsiteSSLService) ObtainSSL(apply request.WebsiteSSLApply) error {
 	}
 	go func() {
-		logFile, _ := os.OpenFile(path.Join(constant.SSLLogDir, fmt.Sprintf("%s-ssl-%d.log", websiteSSL.PrimaryDomain, websiteSSL.ID)), os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0666)
+		logFile, _ := os.OpenFile(path.Join(constant.SSLLogDir, fmt.Sprintf("%s-ssl-%d.log", websiteSSL.PrimaryDomain, websiteSSL.ID)), os.O_CREATE|os.O_WRONLY|os.O_TRUNC, constant.FilePerm)
 		defer logFile.Close()
 		logger := log.New(logFile, "", log.LstdFlags)
 		legoLogger.Logger = logger
@ -492,7 +492,7 @@ func (w WebsiteSSLService) Update(update request.WebsiteSSLUpdate) error {
 	if update.PushDir {
 		fileOP := files.NewFileOp()
 		if !fileOP.Stat(update.Dir) {
-			_ = fileOP.CreateDir(update.Dir, 0755)
+			_ = fileOP.CreateDir(update.Dir, constant.DirPerm)
 		}
 		updateParams["dir"] = update.Dir
 	}
@ -635,13 +635,13 @@ func (w WebsiteSSLService) DownloadFile(id uint) (*os.File, error) {
 			return nil, err
 		}
 	}
-	if err = fileOp.CreateDir(dir, 0666); err != nil {
+	if err = fileOp.CreateDir(dir, constant.DirPerm); err != nil {
 		return nil, err
 	}
-	if err = fileOp.WriteFile(path.Join(dir, "fullchain.pem"), strings.NewReader(websiteSSL.Pem), 0644); err != nil {
+	if err = fileOp.WriteFile(path.Join(dir, "fullchain.pem"), strings.NewReader(websiteSSL.Pem), constant.DirPerm); err != nil {
 		return nil, err
 	}
-	if err = fileOp.WriteFile(path.Join(dir, "privkey.pem"), strings.NewReader(websiteSSL.PrivateKey), 0644); err != nil {
+	if err = fileOp.WriteFile(path.Join(dir, "privkey.pem"), strings.NewReader(websiteSSL.PrivateKey), constant.DirPerm); err != nil {
 		return nil, err
 	}
 	fileName := websiteSSL.PrimaryDomain + ".zip"
--- a/agent/app/service/website_utils.go
+++ b/agent/app/service/website_utils.go
@ -62,7 +62,7 @@ func createIndexFile(website *model.Website, runtime *model.Runtime) error {
 	fileOp := files.NewFileOp()
 	if !fileOp.Stat(indexFolder) {
-		if err := fileOp.CreateDir(indexFolder, 0755); err != nil {
+		if err := fileOp.CreateDir(indexFolder, constant.DirPerm); err != nil {
 			return err
 		}
 	}
@ -76,13 +76,13 @@ func createIndexFile(website *model.Website, runtime *model.Runtime) error {
 			return err
 		}
 	}
-	if err := fileOp.WriteFile(indexPath, strings.NewReader(indexContent), 0755); err != nil {
+	if err := fileOp.WriteFile(indexPath, strings.NewReader(indexContent), constant.DirPerm); err != nil {
 		return err
 	}
 	html404, _ := websiteService.GetDefaultHtml("404")
 	path404 := path.Join(indexFolder, "404.html")
-	if err := fileOp.WriteFile(path404, strings.NewReader(html404.Content), 0755); err != nil {
+	if err := fileOp.WriteFile(path404, strings.NewReader(html404.Content), constant.DirPerm); err != nil {
 		return err
 	}
@ -98,7 +98,7 @@ func createProxyFile(website *model.Website) error {
 	filePath := path.Join(proxyFolder, "root.conf")
 	fileOp := files.NewFileOp()
 	if !fileOp.Stat(proxyFolder) {
-		if err := fileOp.CreateDir(proxyFolder, 0755); err != nil {
+		if err := fileOp.CreateDir(proxyFolder, constant.DirPerm); err != nil {
 			return err
 		}
 	}
@ -130,10 +130,10 @@ func createWebsiteFolder(website *model.Website, runtime *model.Runtime) error {
 	siteFolder := GteSiteDir(website.Alias)
 	fileOp := files.NewFileOp()
 	if !fileOp.Stat(siteFolder) {
-		if err := fileOp.CreateDir(siteFolder, 0755); err != nil {
+		if err := fileOp.CreateDir(siteFolder, constant.DirPerm); err != nil {
 			return err
 		}
-		if err := fileOp.CreateDir(path.Join(siteFolder, "log"), 0755); err != nil {
+		if err := fileOp.CreateDir(path.Join(siteFolder, "log"), constant.DirPerm); err != nil {
 			return err
 		}
 		if err := fileOp.CreateFile(path.Join(siteFolder, "log", "access.log")); err != nil {
@ -142,16 +142,16 @@ func createWebsiteFolder(website *model.Website, runtime *model.Runtime) error {
 		if err := fileOp.CreateFile(path.Join(siteFolder, "log", "error.log")); err != nil {
 			return err
 		}
-		if err := fileOp.CreateDir(path.Join(siteFolder, "index"), 0775); err != nil {
+		if err := fileOp.CreateDir(path.Join(siteFolder, "index"), constant.DirPerm); err != nil {
 			return err
 		}
-		if err := fileOp.CreateDir(path.Join(siteFolder, "ssl"), 0755); err != nil {
+		if err := fileOp.CreateDir(path.Join(siteFolder, "ssl"), constant.DirPerm); err != nil {
 			return err
 		}
 		if website.Type == constant.Runtime {
 			if runtime.Type == constant.RuntimePHP && runtime.Resource == constant.ResourceLocal {
 				phpPoolDir := path.Join(siteFolder, "php-pool")
-				if err := fileOp.CreateDir(phpPoolDir, 0755); err != nil {
+				if err := fileOp.CreateDir(phpPoolDir, constant.DirPerm); err != nil {
 					return err
 				}
 				if err := fileOp.CreateFile(path.Join(phpPoolDir, "php-fpm.sock")); err != nil {
@ -314,7 +314,7 @@ func createWafConfig(website *model.Website, domains []model.WebsiteDomain) erro
 	if err != nil {
 		return err
 	}
-	if err := fileOp.SaveFileWithByte(websitesConfigPath, websitesContent, 0644); err != nil {
+	if err := fileOp.SaveFileWithByte(websitesConfigPath, websitesContent, constant.DirPerm); err != nil {
 		return err
 	}
@ -331,7 +331,7 @@ func createWafConfig(website *model.Website, domains []model.WebsiteDomain) erro
 	}
 	if !fileOp.Stat(websiteDir) {
-		if err = fileOp.CreateDir(websiteDir, 0755); err != nil {
+		if err = fileOp.CreateDir(websiteDir, constant.DirPerm); err != nil {
 			return err
 		}
 	}
@ -341,13 +341,13 @@ func createWafConfig(website *model.Website, domains []model.WebsiteDomain) erro
 		}
 	}()
-	if err = fileOp.SaveFileWithByte(path.Join(websiteDir, "config.json"), defaultConfigContent, 0644); err != nil {
+	if err = fileOp.SaveFileWithByte(path.Join(websiteDir, "config.json"), defaultConfigContent, constant.DirPerm); err != nil {
 		return err
 	}
 	websiteRuleDir := path.Join(websiteDir, "rules")
 	if !fileOp.Stat(websiteRuleDir) {
-		if err := fileOp.CreateDir(websiteRuleDir, 0755); err != nil {
+		if err := fileOp.CreateDir(websiteRuleDir, constant.DirPerm); err != nil {
 			return err
 		}
 	}
@ -443,7 +443,7 @@ func delWafConfig(website model.Website, force bool) error {
 	if err != nil {
 		return err
 	}
-	if err := fileOp.SaveFileWithByte(websitesConfigPath, websitesContent, 0644); err != nil {
+	if err := fileOp.SaveFileWithByte(websitesConfigPath, websitesContent, constant.DirPerm); err != nil {
 		return err
 	}
@ -557,7 +557,7 @@ func createPemFile(website model.Website, websiteSSL model.WebsiteSSL) error {
 	fileOp := files.NewFileOp()
 	if !fileOp.Stat(configDir) {
-		if err := fileOp.CreateDir(configDir, 0775); err != nil {
+		if err := fileOp.CreateDir(configDir, constant.DirPerm); err != nil {
 			return err
 		}
 	}
@ -576,10 +576,10 @@ func createPemFile(website model.Website, websiteSSL model.WebsiteSSL) error {
 		}
 	}
-	if err := fileOp.WriteFile(fullChainFile, strings.NewReader(websiteSSL.Pem), 0644); err != nil {
+	if err := fileOp.WriteFile(fullChainFile, strings.NewReader(websiteSSL.Pem), constant.DirPerm); err != nil {
 		return err
 	}
-	if err := fileOp.WriteFile(privatePemFile, strings.NewReader(websiteSSL.PrivateKey), 0644); err != nil {
+	if err := fileOp.WriteFile(privatePemFile, strings.NewReader(websiteSSL.PrivateKey), constant.DirPerm); err != nil {
 		return err
 	}
 	return nil
@ -1019,12 +1019,12 @@ func saveCertificateFile(websiteSSL *model.WebsiteSSL, logger *log.Logger) {
 			pushErr error
 			MsgMap  = map[string]interface{}{"path": websiteSSL.Dir, "status": i18n.GetMsgByKey("Success")}
 		)
-		if pushErr = fileOp.SaveFile(path.Join(websiteSSL.Dir, "privkey.pem"), websiteSSL.PrivateKey, 0666); pushErr != nil {
+		if pushErr = fileOp.SaveFile(path.Join(websiteSSL.Dir, "privkey.pem"), websiteSSL.PrivateKey, constant.FilePerm); pushErr != nil {
 			MsgMap["status"] = i18n.GetMsgByKey("Failed")
 			logger.Println(i18n.GetMsgWithMap("PushDirLog", MsgMap))
 			logger.Println("Push dir failed:" + pushErr.Error())
 		}
-		if pushErr = fileOp.SaveFile(path.Join(websiteSSL.Dir, "fullchain.pem"), websiteSSL.Pem, 0666); pushErr != nil {
+		if pushErr = fileOp.SaveFile(path.Join(websiteSSL.Dir, "fullchain.pem"), websiteSSL.Pem, constant.FilePerm); pushErr != nil {
 			MsgMap["status"] = i18n.GetMsgByKey("Failed")
 			logger.Println(i18n.GetMsgWithMap("PushDirLog", MsgMap))
 			logger.Println("Push dir failed:" + pushErr.Error())
@ -1227,7 +1227,7 @@ func openProxyCache(website model.Website) error {
 	cacheDir := GetSitePath(website, SiteCacheDir)
 	fileOp := files.NewFileOp()
 	if !fileOp.Stat(cacheDir) {
-		_ = fileOp.CreateDir(cacheDir, 0755)
+		_ = fileOp.CreateDir(cacheDir, constant.DirPerm)
 	}
 	content, err := fileOp.GetContent(GetSitePath(website, SiteConf))
 	if err != nil {
--- a/agent/app/task/task.go
+++ b/agent/app/task/task.go
@ -94,12 +94,12 @@ func NewTask(name, operate, taskScope, taskID string, resourceID uint) (*Task, e
 	}
 	logDir := path.Join(constant.LogDir, taskScope)
 	if _, err := os.Stat(logDir); os.IsNotExist(err) {
-		if err = os.MkdirAll(logDir, 0755); err != nil {
+		if err = os.MkdirAll(logDir, constant.DirPerm); err != nil {
 			return nil, fmt.Errorf("failed to create log directory: %w", err)
 		}
 	}
 	logPath := path.Join(constant.LogDir, taskScope, taskID+".log")
-	file, err := os.OpenFile(logPath, os.O_TRUNC|os.O_CREATE|os.O_WRONLY, 0666)
+	file, err := os.OpenFile(logPath, os.O_TRUNC|os.O_CREATE|os.O_WRONLY, constant.FilePerm)
 	if err != nil {
 		return nil, fmt.Errorf("failed to open log file: %w", err)
 	}
--- a/agent/constant/common.go
+++ b/agent/constant/common.go
@ -28,3 +28,8 @@ const (
 	DateTimeLayout     = "2006-01-02 15:04:05" // or use time.DateTime while go version >= 1.20
 	DateTimeSlimLayout = "20060102150405"
 )
 const (
 	DirPerm  = 0755
 	FilePerm = 0644
 )
--- a/agent/init/app/app.go
+++ b/agent/init/app/app.go
@ -44,6 +44,6 @@ func Init() {
 func createDir(fileOp files.FileOp, dirPath string) {
 	if !fileOp.Stat(dirPath) {
-		_ = fileOp.CreateDir(dirPath, 0755)
+		_ = fileOp.CreateDir(dirPath, constant.DirPerm)
 	}
 }
--- a/agent/log/config.go
+++ b/agent/log/config.go
@ -2,6 +2,7 @@ package log
 import (
 	"errors"
 	"github.com/1Panel-dev/1Panel/agent/constant"
 	"io"
 	"os"
 	"path"
@ -9,7 +10,7 @@ import (
 var (
 	BufferSize         = 0x100000
-	DefaultFileMode    = os.FileMode(0644)
+	DefaultFileMode    = os.FileMode(constant.DirPerm)
 	DefaultFileFlag    = os.O_RDWR | os.O_CREATE | os.O_APPEND
 	ErrInvalidArgument = errors.New("error argument invalid")
 	QueueSize          = 1024
--- a/agent/log/writer.go
+++ b/agent/log/writer.go
@ -1,6 +1,7 @@
 package log
 import (
 	"github.com/1Panel-dev/1Panel/agent/constant"
 	"log"
 	"os"
 	"path"
@ -84,7 +85,7 @@ func NewWriterFromConfig(c *Config) (RollingWriter, error) {
 		return nil, err
 	}
 	filepath := FilePath(c)
-	file, err := os.OpenFile(filepath, os.O_RDWR|os.O_CREATE|os.O_APPEND, 0644)
+	file, err := os.OpenFile(filepath, os.O_RDWR|os.O_CREATE|os.O_APPEND, constant.DirPerm)
 	if err != nil {
 		return nil, err
 	}
--- a/agent/server/server.go
+++ b/agent/server/server.go
@ -3,6 +3,7 @@ package server
 import (
 	"crypto/tls"
 	"fmt"
 	"github.com/1Panel-dev/1Panel/agent/constant"
 	"net"
 	"net/http"
 	"os"
@ -54,7 +55,7 @@ func Start() {
 	if global.IsMaster {
 		_ = os.Remove("/etc/1panel/agent.sock")
-		_ = os.Mkdir("/etc/1panel", 0755)
+		_ = os.Mkdir("/etc/1panel", constant.DirPerm)
 		listener, err := net.Listen("unix", "/etc/1panel/agent.sock")
 		if err != nil {
 			panic(err)
--- a/agent/utils/cloud_storage/client/webdav.go
+++ b/agent/utils/cloud_storage/client/webdav.go
@ -3,6 +3,7 @@ package client
 import (
 	"crypto/tls"
 	"fmt"
 	"github.com/1Panel-dev/1Panel/agent/constant"
 	"io"
 	"net/http"
 	"os"
@ -51,7 +52,7 @@ func (s webDAVClient) Upload(src, target string) (bool, error) {
 	}
 	defer srcFile.Close()
-	if err := s.client.WriteStream(targetFilePath, srcFile, 0644); err != nil {
+	if err := s.client.WriteStream(targetFilePath, srcFile, constant.DirPerm); err != nil {
 		return false, err
 	}
 	return true, nil
--- a/agent/utils/cmd/cmd.go
+++ b/agent/utils/cmd/cmd.go
@ -63,7 +63,7 @@ func ExecWithTimeOut(cmdStr string, timeout time.Duration) (string, error) {
 func ExecWithLogFile(cmdStr string, timeout time.Duration, outputFile string) error {
 	cmd := exec.Command("bash", "-c", cmdStr)
-	outFile, err := os.OpenFile(outputFile, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0644)
+	outFile, err := os.OpenFile(outputFile, os.O_CREATE|os.O_WRONLY|os.O_APPEND, constant.DirPerm)
 	if err != nil {
 		return err
 	}
@ -108,7 +108,7 @@ func ExecContainerScript(containerName, cmdStr string, timeout time.Duration) er
 }
 func ExecShell(outPath string, timeout time.Duration, name string, arg ...string) error {
-	file, err := os.OpenFile(outPath, os.O_WRONLY|os.O_CREATE, 0666)
+	file, err := os.OpenFile(outPath, os.O_WRONLY|os.O_CREATE, constant.FilePerm)
 	if err != nil {
 		return err
 	}
--- a/agent/utils/common/common.go
+++ b/agent/utils/common/common.go
@ -3,6 +3,7 @@ package common
 import (
 	"crypto/rand"
 	"fmt"
 	"github.com/1Panel-dev/1Panel/agent/constant"
 	"io"
 	mathRand "math/rand"
 	"net"
@ -137,7 +138,7 @@ func CopyFile(src, dst string) error {
 			_ = os.MkdirAll(path.Dir(dst), os.ModePerm)
 		}
 	}
-	target, err := os.OpenFile(dst+"_temp", os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0755)
+	target, err := os.OpenFile(dst+"_temp", os.O_RDWR|os.O_CREATE|os.O_TRUNC, constant.DirPerm)
 	if err != nil {
 		return err
 	}
--- a/agent/utils/files/file_op.go
+++ b/agent/utils/files/file_op.go
@ -558,7 +558,7 @@ func (f FileOp) Compress(srcRiles []string, dst string, name string, cType Compr
 	}
 	if !f.Stat(dst) {
-		_ = f.CreateDir(dst, 0755)
+		_ = f.CreateDir(dst, constant.DirPerm)
 	}
 	files, err := archiver.FilesFromDisk(nil, fileMaps)
--- a/agent/utils/mysql/client/local.go
+++ b/agent/utils/mysql/client/local.go
@ -224,7 +224,7 @@ func (r *Local) Backup(info BackupInfo) error {
 			return fmt.Errorf("mkdir %s failed, err: %v", info.TargetDir, err)
 		}
 	}
-	outfile, err := os.OpenFile(path.Join(info.TargetDir, info.FileName), os.O_RDWR|os.O_CREATE, 0755)
+	outfile, err := os.OpenFile(path.Join(info.TargetDir, info.FileName), os.O_RDWR|os.O_CREATE, constant.DirPerm)
 	if err != nil {
 		return fmt.Errorf("open file %s failed, err: %v", path.Join(info.TargetDir, info.FileName), err)
 	}
--- a/agent/utils/mysql/client/remote.go
+++ b/agent/utils/mysql/client/remote.go
@ -235,7 +235,7 @@ func (r *Remote) Backup(info BackupInfo) error {
 			return fmt.Errorf("mkdir %s failed, err: %v", info.TargetDir, err)
 		}
 	}
-	outfile, err := os.OpenFile(path.Join(info.TargetDir, info.FileName), os.O_RDWR|os.O_CREATE, 0755)
+	outfile, err := os.OpenFile(path.Join(info.TargetDir, info.FileName), os.O_RDWR|os.O_CREATE, constant.DirPerm)
 	if err != nil {
 		return fmt.Errorf("open file %s failed, err: %v", path.Join(info.TargetDir, info.FileName), err)
 	}
--- a/agent/utils/nginx/dumper.go
+++ b/agent/utils/nginx/dumper.go
@ -3,6 +3,7 @@ package nginx
 import (
 	"bytes"
 	"fmt"
 	"github.com/1Panel-dev/1Panel/agent/constant"
 	"os"
 	"strings"
@ -111,5 +112,5 @@ func DumpConfig(c *components.Config, style *Style) string {
 }
 func WriteConfig(c *components.Config, style *Style) error {
-	return os.WriteFile(c.FilePath, []byte(DumpConfig(c, style)), 0644)
+	return os.WriteFile(c.FilePath, []byte(DumpConfig(c, style)), constant.DirPerm)
 }
--- a/agent/utils/postgresql/client/local.go
+++ b/agent/utils/postgresql/client/local.go
@ -130,7 +130,7 @@ func (r *Local) Backup(info BackupInfo) error {
 			return fmt.Errorf("mkdir %s failed, err: %v", info.TargetDir, err)
 		}
 	}
-	outfile, err := os.OpenFile(path.Join(info.TargetDir, info.FileName), os.O_RDWR|os.O_CREATE, 0755)
+	outfile, err := os.OpenFile(path.Join(info.TargetDir, info.FileName), os.O_RDWR|os.O_CREATE, constant.DirPerm)
 	if err != nil {
 		return fmt.Errorf("open file %s failed, err: %v", path.Join(info.TargetDir, info.FileName), err)
 	}
--- a/core/app/service/backup.go
+++ b/core/app/service/backup.go
@ -481,7 +481,7 @@ func (u *BackupService) checkBackupConn(backup *model.BackupAccount) (bool, erro
 			return false, err
 		}
 	}
-	file, err := os.OpenFile(fileItem, os.O_WRONLY|os.O_CREATE, 0666)
+	file, err := os.OpenFile(fileItem, os.O_WRONLY|os.O_CREATE, constant.FilePerm)
 	if err != nil {
 		return false, err
 	}
--- a/core/app/task/task.go
+++ b/core/app/task/task.go
@ -73,12 +73,12 @@ func NewTask(name, operate, taskScope, taskID string, resourceID uint) (*Task, e
 	logItem := path.Join(global.CONF.System.BaseDir, "1panel/log")
 	logDir := path.Join(logItem, taskScope)
 	if _, err := os.Stat(logDir); os.IsNotExist(err) {
-		if err = os.MkdirAll(logDir, 0755); err != nil {
+		if err = os.MkdirAll(logDir, constant.DirPerm); err != nil {
 			return nil, fmt.Errorf("failed to create log directory: %w", err)
 		}
 	}
 	logPath := path.Join(logItem, taskScope, taskID+".log")
-	file, err := os.OpenFile(logPath, os.O_TRUNC|os.O_CREATE|os.O_WRONLY, 0666)
+	file, err := os.OpenFile(logPath, os.O_TRUNC|os.O_CREATE|os.O_WRONLY, constant.FilePerm)
 	if err != nil {
 		return nil, fmt.Errorf("failed to open log file: %w", err)
 	}
--- a/core/constant/common.go
+++ b/core/constant/common.go
@ -35,4 +35,9 @@ const (
 	GoogleRedirectURI   = "http://localhost:8080"
 )
 const (
 	DirPerm  = 0755
 	FilePerm = 0644
 )
 var CertStore atomic.Value
--- a/core/log/config.go
+++ b/core/log/config.go
@ -2,6 +2,7 @@ package log
 import (
 	"errors"
 	"github.com/1Panel-dev/1Panel/core/constant"
 	"io"
 	"os"
 	"path"
@ -9,7 +10,7 @@ import (
 var (
 	BufferSize         = 0x100000
-	DefaultFileMode    = os.FileMode(0644)
+	DefaultFileMode    = os.FileMode(constant.DirPerm)
 	DefaultFileFlag    = os.O_RDWR | os.O_CREATE | os.O_APPEND
 	ErrInvalidArgument = errors.New("error argument invalid")
 	QueueSize          = 1024
--- a/core/log/writer.go
+++ b/core/log/writer.go
@ -1,6 +1,7 @@
 package log
 import (
 	"github.com/1Panel-dev/1Panel/core/constant"
 	"log"
 	"os"
 	"path"
@ -84,7 +85,7 @@ func NewWriterFromConfig(c *Config) (RollingWriter, error) {
 		return nil, err
 	}
 	filepath := FilePath(c)
-	file, err := os.OpenFile(filepath, os.O_RDWR|os.O_CREATE|os.O_APPEND, 0644)
+	file, err := os.OpenFile(filepath, os.O_RDWR|os.O_CREATE|os.O_APPEND, constant.DirPerm)
 	if err != nil {
 		return nil, err
 	}
--- a/core/middleware/session.go
+++ b/core/middleware/session.go
@ -23,7 +23,7 @@ func SessionAuth() gin.HandlerFunc {
 		}
 		psession, err := global.SESSION.Get(c)
 		if err != nil {
-			helper.ErrorWithDetail(c, constant.CodeErrUnauthorized, constant.ErrTypeNotLogin, nil)
+			helper.ErrorWithDetail(c, constant.CodeErrUnauthorized, constant.ErrTypeNotLogin, err)
 			return
 		}
 		settingRepo := repo.NewISettingRepo()
--- a/core/utils/cloud_storage/client/webdav.go
+++ b/core/utils/cloud_storage/client/webdav.go
@ -3,6 +3,7 @@ package client
 import (
 	"crypto/tls"
 	"fmt"
 	"github.com/1Panel-dev/1Panel/core/constant"
 	"net/http"
 	"os"
 	"path"
@ -50,7 +51,7 @@ func (s webDAVClient) Upload(src, target string) (bool, error) {
 	}
 	defer srcFile.Close()
-	if err := s.client.WriteStream(targetFilePath, srcFile, 0644); err != nil {
+	if err := s.client.WriteStream(targetFilePath, srcFile, constant.DirPerm); err != nil {
 		return false, err
 	}
 	return true, nil
--- a/core/utils/files/files.go
+++ b/core/utils/files/files.go
@ -32,7 +32,7 @@ func CopyFile(src, dst string, withName bool) error {
 			_ = os.MkdirAll(path.Dir(dst), os.ModePerm)
 		}
 	}
-	target, err := os.OpenFile(dst+"_temp", os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0755)
+	target, err := os.OpenFile(dst+"_temp", os.O_RDWR|os.O_CREATE|os.O_TRUNC, constant.FilePerm)
 	if err != nil {
 		return err
 	}
--- a/frontend/.gitignore
+++ b/frontend/.gitignore
@ -28,3 +28,4 @@ stats.html
 *.sln
 *.sw?
 .vscode
 folder-alias.json