Secret and Config permission modes are incorrect #3190

Open
mesudip opened this issue Feb 5, 2025 · 0 comments
mesudip commented Feb 5, 2025

When the permission mode is not set in the compose file, `docker service inspect` shows 292 and the actual permission is 444.

When the permission mode is set to 400 in the compose file, `docker service inspect` shows 400 and the actual permission is 620.

Docker stack compose file

    configs:
      - source: mongo.conf
        target: /data/dbconf/mongod.conf
    secrets:
      - source: security-key
        target: /run/secrets/security-key
        mode: 400
        uid: "999"
        gid: "999"

Service secret and configs

docker service inspect

    {
        "Spec": {
            "Secrets": [
                {
                    "File": {
                        "Name": "/run/secrets/security-key",
                        "UID": "999",
                        "GID": "999",
                        "Mode": 400
                    },
                    "SecretID": "rssn6hztmc80sxs10rre7xx3f",
                    "SecretName": "mongodb-security-key-v2"
                }
            ],
            "Configs": [
                {
                    "File": {
                        "Name": "/data/dbconf/mongod.conf",
                        "UID": "0",
                        "GID": "0",
                        "Mode": 292
                    },
                    "ConfigID": "zekc8bhwjksggj2zwurhbl4il",
                    "ConfigName": "mongo.conf-v3"
                }
            ]
        }
    }

Actual file permissions

-rw--w---- 1 mongodb mongodb 1008 Feb  5 06:42 /run/secrets/security-key
-r--r--r-- 1    root root     125 Feb  5 06:42 /data/dbconf/mongod.conf

Docker info

Client: Docker Engine - Community
 Version:    27.4.0
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.19.2
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.31.0
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 55
  Running: 46
  Paused: 0
  Stopped: 9
 Images: 90
 Server Version: 27.4.0
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: active
  NodeID: c2fi17zg1xin67i6fu9olx5w2
  Is Manager: false
  Node Address: 172.31.0.2
  Manager Addresses:
   172.31.0.5:2377
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 88bf19b2105c8b17560993bee28a01ddc2f97182
 runc version: v1.2.2-0-g7cb3632
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 6.8.0-51-generic
 Operating System: Ubuntu 24.04.1 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 24
 Total Memory: 125.7GiB
 Name: storage1
 ID: 12259e31-ee9a-4716-987f-b513dac95993
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false
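The two numbers in the report are consistent with each other once you notice that `docker service inspect` prints the mode as a decimal integer: 292 is 0444 in octal (the read-only default seen on the config), and a bare `400` taken as decimal is 0620 in octal, which is exactly the `-rw--w----` the secret ended up with. The script below is an added example (not part of the issue and not Docker's code) that renders an inspect mode the way `ls -l` does and flags a mount whose inspect value differs from the octal the compose author most likely intended; the sample table is constructed from the values in this report, and the assumption that compose authors write modes in octal digits is labelled in the code.

```python
import stat

# Constructed sample mirroring the report: the compose 'mode:' value (None when
# not set) and the decimal "Mode" printed by `docker service inspect`.
REPORTED = {
    "/run/secrets/security-key": {"compose_mode": 400, "inspect_mode": 400},
    "/data/dbconf/mongod.conf": {"compose_mode": None, "inspect_mode": 292},
}


def perm_string(mode: int) -> str:
    """Render the permission bits of a mode like `ls -l` does (e.g. 'rw--w----')."""
    # Force the regular-file type bit so filemode() never yields '?' for the
    # type column, then drop that column and keep the nine permission chars.
    return stat.filemode(stat.S_IFREG | (mode & 0o7777))[1:]


def octal(mode: int) -> str:
    """Permission bits of a mode as a four-digit octal string, e.g. 400 -> '0620'."""
    return format(mode & 0o7777, "04o")


def intended_mode(compose_value):
    """Mode the compose author most likely meant.

    Assumption (not stated by Docker): people write file modes in octal digits
    (0400, '0400', 0o400), so the digits of a bare integer such as 400 are
    reinterpreted as octal. Returns None when no mode was set.
    """
    if compose_value is None:
        return None
    digits = str(compose_value).strip().lower().removeprefix("0o")
    return int(digits, 8)


def audit(compose_value, inspect_mode: int) -> dict:
    """Compare what inspect reports with what the author intended."""
    intended = intended_mode(compose_value)
    return {
        "inspect_octal": octal(inspect_mode),
        "inspect_perms": perm_string(inspect_mode),
        "intended_octal": None if intended is None else octal(intended),
        "intended_perms": None if intended is None else perm_string(intended),
        # True when the compose digits were evidently parsed as decimal.
        "decimal_octal_mismatch": intended is not None and intended != inspect_mode,
        # A secret that group or world can write to is worth flagging regardless.
        "group_or_world_writable": bool(inspect_mode & 0o022),
    }


if __name__ == "__main__":
    for path, entry in REPORTED.items():
        result = audit(entry["compose_mode"], entry["inspect_mode"])
        print(path)
        for key, value in result.items():
            print(f"  {key:24} {value}")
```

Run against the report's values, the secret comes back as inspect `0620` / `rw--w----` with `decimal_octal_mismatch` and `group_or_world_writable` both true, while the intended `0400` would have been `r--------`; the config comes back as `0444` / `r--r--r--` with no mismatch. The same check can be pointed at the `File.Mode` fields of real `docker service inspect` output to catch any mount whose mode was written without an octal prefix.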