smarty does not respect umask, but uses hard-coded permissions.

[Nimloth]

I don't know about other distros, but on FreeBSD, the init script for php-fpm allows setting umask.
We usually set it to 027 as each php-fpm pool will run under its own user, one pool per website being hosted.
None of those websites' dirs or files need (or indeed should) to be readable by others (at all).

Anyway, while php's file operations respect umask, smarty does not.
Even in the case mentioned above (explicitly run php-fpm with umask of 027), both compiled template files and cache files will be created with permission 644.

From my POV, smarty should not impose its own assumptions on users.
Just using stuff like file_put_contents or fopen do respect umask, so I do not see why smarty needs permissions to be hardcoded like thus:

smarty/libs/sysplugins/smarty_internal_runtime_writefile.php

Line 88 in 1ff79c6

chmod($_filepath, 0644);

See also
#507
for discussion around the whole topic. (Personally, I do not consider 'use ACLs for that sort of thing' as an adequate response, but YMMV.)

[janis-ps]

Agreed. Just found out from the PR linked above that $smarty->_file_perms was removed, which actually makes the situation worse. So, umask has no effect, and _file_perms doesn't exist anymore. If you require custom permissions, too bad - you're stuck with 0644.