Index: libexec/rc/rc.subr
===================================================================
--- libexec/rc/rc.subr
+++ libexec/rc/rc.subr
@@ -791,6 +791,8 @@
 #
 #	${name}_oomprotect n	Don't kill ${command} when swap space is exhausted.
 #
+#	${name}_umask	n	The file creation mask to run ${command} with.
+#
 #	${name}_user	n	User to run ${command} as, using su(1) if not
 #				using ${name}_chroot.
 #				Requires /usr to be mounted.
@@ -996,7 +998,8 @@
 	    _fib=\$${name}_fib		_env=\$${name}_env \
 	    _prepend=\$${name}_prepend	_login_class=\${${name}_login_class:-daemon} \
 	    _limits=\$${name}_limits	_oomprotect=\$${name}_oomprotect \
-	    _setup=\$${name}_setup	_env_file=\$${name}_env_file
+	    _setup=\$${name}_setup	_env_file=\$${name}_env_file \
+	    _umask=\$${name}_umask
 
 	if [ -n "$_env_file" ] && [ -r "${_env_file}" ]; then	# load env from file
 		set -a
@@ -1357,9 +1360,14 @@
 
 _run_rc_doit()
 {
+	local _m
+
 	debug "run_rc_command: doit: $*"
+	_m=$(umask)
+	${_umask:+umask ${_umask}}
 	eval "$@"
 	_return=$?
+	umask ${_m}
 
 	# If command failed and force isn't set, request exit.
 	if [ $_return -ne 0 ] && [ -z "$rc_force" ]; then
Index: share/man/man5/rc.conf.5
===================================================================
--- share/man/man5/rc.conf.5
+++ share/man/man5/rc.conf.5
@@ -24,7 +24,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd July 7, 2022
+.Dd August 23, 2022
 .Dt RC.CONF 5
 .Os
 .Sh NAME
@@ -239,6 +239,11 @@
 .Pp
 This variable has no effect on services running within a
 .Xr jail 8 .
+.It Ao Ar name Ac Ns Va _umask
+.Pq Vt int
+Run the service using this
+.Xr umask 1
+value.
 .It Ao Ar name Ac Ns Va _user
 .Pq Vt str
 Run the service under this user account.
@@ -4691,6 +4696,7 @@
 .Xr limits 1 ,
 .Xr protect 1 ,
 .Xr sh 1 ,
+.Xr umask 1 ,
 .Xr vi 1 ,
 .Xr vidcontrol 1 ,
 .Xr bridge 4 ,