From cf876e6b70be371df13efe92addceb0b5573ed51 Mon Sep 17 00:00:00 2001
From: Steve Renaker <steve.renaker@mongodb.com>
Date: Fri, 6 Oct 2017 16:12:58 -0700
Subject: [PATCH 1/2] DOCS-10737: server parameter honorSystemUmask

---
 source/reference/parameters.txt | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/source/reference/parameters.txt b/source/reference/parameters.txt
index 905a2e850d1..cac5ef4191d 100644
--- a/source/reference/parameters.txt
+++ b/source/reference/parameters.txt
@@ -1251,6 +1251,32 @@ Storage Parameters
    .. seealso:: :setting:`~storage.syncPeriodSecs` and
       :parameter:`journalCommitInterval`.
 
+.. parameter:: honorSystemUmask
+
+   .. versionadded:: 3.6
+
+   *Default*: ``false``
+
+   If :parameter:`honorSystemUmask` is set to ``true``, new files
+   created by MongoDB have permissions in accordance with the
+   user's ``umask`` settings.
+
+   If :parameter:`honorSystemUmask` is set to ``false``, new files
+   created by MongoDB have permissions set to ``600``, which gives
+   read and write permissions only to the owner. New directories have
+   permissions set to ``700``.
+
+   You can only set this parameter during start-up and cannot change
+   this setting using the :dbcommand:`setParameter` database command.
+
+   .. code-block:: sh
+
+      mongod --setParameter honorSystemUmask=true
+
+   .. note::
+
+      :parameter:`honorSystemUmask` is not available on Windows systems.
+
 WiredTiger Parameters
 ~~~~~~~~~~~~~~~~~~~~~
 

From b98cccdcdf7ccb035a7fe7936e0b31d7e1b1affa Mon Sep 17 00:00:00 2001
From: Steve Renaker <steve.renaker@mongodb.com>
Date: Mon, 16 Oct 2017 15:42:27 -0700
Subject: [PATCH 2/2] DOCS-10737: updated 3.6 release notes

---
 source/release-notes/3.6.txt | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/source/release-notes/3.6.txt b/source/release-notes/3.6.txt
index ed144669dad..64d63fb8533 100644
--- a/source/release-notes/3.6.txt
+++ b/source/release-notes/3.6.txt
@@ -366,10 +366,15 @@ MongoDB 3.6 includes the following enhancements:
 - :dbcommand:`dropDatabase` waits until all collections drops in the
   database have propagated to a majority of the replica set members.
 
-
 - The new :query:`$jsonSchema` operator matches documents that validate 
   against the given JSON Schema.
 
+- The new :parameter:`honorSystemUmask` startup option for
+  :program:`mongod` causes new files created by MongoDB to have
+  the read/write permissions specified by the `umask
+  <https://en.wikipedia.org/wiki/Umask>`_ of the user who runs the
+  :program:`mongod` process. Only available on Linux and OS X systems.
+
 Changes Affecting Compatibility
 -------------------------------