Just to double check - are you doing this locally in the Remote - Containers extension or in a Codespace? If Remote - Containers, on Windows, “bind mounts” all have those permissions due to how Docker works on that platform. This should not happen in a Codespace, however.

Can you share the Dockerfile you used? It’s possible that there’s something in the image designed to do this for permissions purposes.

Okay got it - I wasn’t repro’ing since I was creating a folder outside of the workspace folder.

What is going on is that the files in the workspace folder mounted from a mount point that is using an ACL that will set those permissions. If you go run mkdir ~/test, you’ll see that it is in fact getting the right privs. However, to see the privs for the ACL for the workspace folder, you’ll need the getacl tool. Install it as follows:

sudo apt-get update
sudo apt-get install acl

Then from the workspace folder run

getacl .

You’ll see this:

# file: .
# owner: root
# group: root
user::rwx
group::r-x
other::rwx
default:user::rwx
default:group::rwx
default:other::rwx

Is this causing a problem for you?

EDIT: There’s also a fix for this and things getting cloned as “root” coming soon. Both are related to the same problem.

FYI this umask behaviour breaks the CPython test suite. The above workaround fixes one test failure, but since this doesn't touch /tmp it didn't fix it for another (had to also run the above command for that second location).