os.mkdir() and os.mkdirat() use libc's mkdir() and mkdirat(), which can ignore SUID/SGID permissions. This problem occurs at least on systems using glibc. The solution is to call chmod() / fchmodat() to ensure that given directory has been created with requested permissions. I'm attaching the patch.

The new patch restores respecting of umask.

A side effect of this patch is that it fixes failure of test_exist_ok_existing_directory() from test_os.py in situation when top-level directory of Python sources has SGID bit set. (test_exist_ok_existing_directory() exists only in Python >=3.2.)

$ chmod g+s .
$ LD_LIBRARY_PATH=$(pwd) ./python Lib/test/test_os.py
...
======================================================================
ERROR: test_exist_ok_existing_directory (__main__.MakedirTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "Lib/test/test_os.py", line 653, in test_exist_ok_existing_directory
    os.makedirs(path, mode=mode, exist_ok=True)
  File "/var/tmp/portage/dev-lang/python-3.3_pre20110227/work/python-3.3_pre20110227/Lib/os.py", line 152, in makedirs
    mkdir(name, mode)
OSError: [Errno 17] File exists: '@test_32218_tmp/dir1'

----------------------------------------------------------------------

os.makedir (and, I presume, makedirat) are intentionally thin wrapperws around the libc system calls

From #9299, msg111014 (Guido)
"I wonder if os.mkdir() should not be left alone (so as to continue
to match the system call most exactly, as is our convention) and the
extra functionality added to os.makedirs() only."

Deviation from this would require pydev discussion. I otherwise have no opinion.