This patch was circulated on -tech a couple of months ago and gained some
interest.

Any further OKs?  It would be nice to get this in before the next release.

--- newfs.c	Mon Apr  7 04:25:02 2025
+++ newfs.c	Mon Jul 21 08:15:41 2025
@@ -147,7 +147,7 @@
 static void waitformount(char *, pid_t);
 static int do_exec(const char *, const char *, char *const[]);
 static int isdir(const char *);
-static void copy(char *, char *);
+static void copy(char *, char *, mode_t);
 static int gettmpmnt(char *, size_t);
 #endif
 
@@ -179,6 +179,7 @@
 #ifdef MFS
 	char mountfromname[BUFSIZ];
 	char *pop = NULL, node[PATH_MAX];
+	char *ep;
 	pid_t pid;
 	struct stat mountpoint;
 #endif
@@ -203,7 +204,7 @@
 		fatal("insane maxpartitions value %d", maxpartitions);
 
 	opstring = mfs ?
-	    "O:P:T:b:c:e:f:i:m:o:s:" :
+	    "O:P:T:b:c:e:f:i:m:o:p:s:" :
 	    "NO:S:T:b:c:e:f:g:h:i:m:o:qs:t:";
 	while ((ch = getopt(argc, argv, opstring)) != -1) {
 		switch (ch) {
@@ -286,6 +287,19 @@
 					    optarg);
 			}
 			break;
+		case 'p':
+			errno = 0;
+			mfsmode = strtoul(optarg, &ep, 8);
+			if (optarg[0] == '\0' || *ep != '\0')
+				fatal("invalid mode: not a number");
+			if (errno == ERANGE)
+				fatal("invalid mode: out of range");
+			if ((mfsmode & ALLPERMS) != mfsmode)
+				fatal("unrecognised permission bits");
+			if (mfsmode == 0)
+				warnx("invalid mode, will inherit "
+				      "mount point permissions");
+			break;
 		case 'q':
 			quiet = 1;
 			break;
@@ -506,7 +520,8 @@
 			err(ECANCELED, "stat %s", node);
 		mfsuid = mountpoint.st_uid;
 		mfsgid = mountpoint.st_gid;
-		mfsmode = mountpoint.st_mode & ALLPERMS;
+		if (mfsmode == 0)
+			mfsmode = mountpoint.st_mode & ALLPERMS;
 	}
 #endif
 
@@ -543,7 +558,7 @@
 		default:
 			if (pop != NULL) {
 				waitformount(tmpnode, pid);
-				copy(pop, tmpnode);
+				copy(pop, tmpnode, mfsmode);
 				unmount(tmpnode, 0);
 				rmdir(tmpnode);
 			}
@@ -754,13 +769,18 @@
 }
 
 static void
-copy(char *src, char *dst)
+copy(char *src, char *dst, mode_t mfsmode)
 {
 	int ret, dir, created = 0;
+	int fd;
 	struct ufs_args mount_args;
 	char mountpoint[MNAMELEN];
 	char *const argv[] = { "pax", "-rw", "-pe", ".", dst, NULL } ;
 
+	if ((fd = open(dst, O_RDONLY)) == -1) {
+		err(1, "failed opening %s", dst);
+	}
+
 	dir = isdir(src);
 	if (dir)
 		strlcpy(mountpoint, src, sizeof(mountpoint));
@@ -788,6 +808,10 @@
 			warn("unmount %s", dst);
 		errx(1, "copy %s to %s failed", mountpoint, dst);
 	}
+	if (fchmodat(fd, ".", mfsmode, 0) == -1) {
+		warn("failed to set requested permissions");
+	}
+	close (fd);
 }
 
 static int
--- newfs.8	Mon Apr  7 04:25:02 2025
+++ newfs.8	Thu Jul 24 20:35:55 2025
@@ -67,6 +67,7 @@
 .Op Fl m Ar free-space
 .Op Fl O Ar filesystem-format
 .Op Fl o Ar options
+.Op Fl p Ar mode
 .Op Fl P Ar file
 .Op Fl s Ar size
 .Ar special node
@@ -270,7 +271,8 @@
 are as described for
 .Nm ,
 except for the
-.Fl o
+.Fl o ,
+.Fl p
 and
 .Fl P
 options.
@@ -284,6 +286,11 @@
 See the
 .Xr mount 8
 man page for possible options and their meanings.
+.It Fl p Ar mode
+Set permissions on the mount point after the mfs filesystem has been mounted.
+The
+.Ar mode
+argument must be specified in octal notation.
 .It Fl P Ar file
 If
 .Ar file
@@ -295,9 +302,11 @@
 contents of the FFS file system contained on the device.
 .El
 .Pp
-If the
+If neither of the
+.Fl p Ar mode
+or
 .Fl P Ar file
-option is not used, the owner and mode of the created mfs file
+options is used, the owner and mode of the created mfs file
 system will be the same as the owner and mode of the mount point.
 .Sh ENVIRONMENT
 .Bl -tag -width COLUMNS
@@ -308,6 +317,11 @@
 .Nm
 defaults to the terminal width, or 80 columns if the output is not a terminal.
 .El
+.Sh EXAMPLES
+The following line added to /etc/fstab will mount a 512MB mfs filesystem on
+/tmp at boot time, setting appropriate permissions:
+.Pp
+.Dl swap /tmp mfs rw,nodev,nosuid,-s=512m,-p=01777 0 0
 .Sh SEE ALSO
 .Xr disktab 5 ,
 .Xr fs 5 ,