diff --git a/core/includes/file.inc b/core/includes/file.inc
index 545fca3..171d4f0 100644
--- a/core/includes/file.inc
+++ b/core/includes/file.inc
@@ -42,6 +42,17 @@
  */
 const STREAM_WRAPPERS_VISIBLE = 0x0010;
 
+
+/**
+ * Default mode for new directories. See drupal_chmod().
+ */
+const CHMOD_DEFAULT_DIRECTORY = '0775';
+
+/**
+ * Default mode for new files. See drupal_chmod().
+ */
+const CHMOD_DEFAULT_FILE = '0664';
+
 /**
  * Composite stream wrapper bit flags that are usually used as the types.
  */
@@ -1284,8 +1295,8 @@ function file_get_mimetype($uri, $mapping = NULL) {
 /**
  * Sets the permissions on a file or directory.
  *
- * This function will use the system.file:chmod.directory and
- * system.file:chmod.file configuration for the default modes for directories
+ * This function will use the file_chmod_directory and
+ * file_chmod_file settings for the default modes for directories
  * and uploaded/generated files. By default these will give everyone read access
  * so that users accessing the files with a user account without the webserver
  * group (e.g. via FTP) can read these files, and give group write permissions
@@ -1309,20 +1320,13 @@ function file_get_mimetype($uri, $mapping = NULL) {
  */
 function drupal_chmod($uri, $mode = NULL) {
   if (!isset($mode)) {
-    // Configuration system stores default modes as strings. We use octdec() so
-    // that the octal permission numbers can be expressed as integers or strings
-    // and will be converted correctly in both cases.
+    // We use octdec() so that the octal permission numbers can be expressed
+    // as integers or strings and will be converted correctly in both cases.
     if (is_dir($uri)) {
-      $mode = octdec(\Drupal::config('system.file')->get('chmod.directory'));
-      if (!$mode) {
-        $mode = 0775;
-      }
+      $mode = octdec(settings()->get('file_chmod_directory', CHMOD_DEFAULT_DIRECTORY));
     }
     else {
-      $mode = octdec(\Drupal::config('system.file')->get('chmod.file'));
-      if (!$mode) {
-        $mode = 0664;
-      }
+      $mode = octdec(settings()->get('file_chmod_file', CHMOD_DEFAULT_FILE));
     }
   }
 
@@ -1493,15 +1497,7 @@ function drupal_basename($uri, $suffix = NULL) {
  */
 function drupal_mkdir($uri, $mode = NULL, $recursive = FALSE, $context = NULL) {
   if (!isset($mode)) {
-    // Configuration system stores default mode as strings.
-    $mode = FALSE;
-    // During early update there's no container.
-    if (is_object(\Drupal::getContainer())) {
-      $mode = octdec(\Drupal::config('system.file')->get('chmod.directory'));
-    }
-    if (!$mode) {
-      $mode = 0775;
-    }
+    $mode = octdec(settings()->get('file_chmod_directory', CHMOD_DEFAULT_DIRECTORY));
   }
 
   // If the URI has a scheme, don't override the umask - schemes can handle this
diff --git a/core/lib/Drupal/Core/Config/FileStorage.php b/core/lib/Drupal/Core/Config/FileStorage.php
index 52c9aa5..6b4aab3 100644
--- a/core/lib/Drupal/Core/Config/FileStorage.php
+++ b/core/lib/Drupal/Core/Config/FileStorage.php
@@ -110,7 +110,8 @@ public function readMultiple(array $names) {
    */
   public function write($name, array $data) {
     $data = $this->encode($data);
-    $status = @file_put_contents($this->getFilePath($name), $data);
+    // Use File API to write file so that we use the chmod settings.
+    $status = file_unmanaged_save_data($data, $this->getFilePath($name), FILE_EXISTS_REPLACE);
     if ($status === FALSE) {
       throw new StorageException('Failed to write configuration file: ' . $this->getFilePath($name));
     }
diff --git a/core/modules/system/config/system.file.yml b/core/modules/system/config/system.file.yml
index b5be48c..eefee01 100644
--- a/core/modules/system/config/system.file.yml
+++ b/core/modules/system/config/system.file.yml
@@ -1,8 +1,4 @@
 allow_insecure_uploads: '0'
-# chmod variables should be a string in PHP Octal Notation.
-chmod:
-  directory: '0775'
-  file: '0664'
 default_scheme: 'public'
 path:
   private: ''
diff --git a/core/modules/system/lib/Drupal/system/Tests/File/DirectoryTest.php b/core/modules/system/lib/Drupal/system/Tests/File/DirectoryTest.php
index 7fd19c5..b5c9cdc 100644
--- a/core/modules/system/lib/Drupal/system/Tests/File/DirectoryTest.php
+++ b/core/modules/system/lib/Drupal/system/Tests/File/DirectoryTest.php
@@ -89,7 +89,7 @@ function testFileCheckDirectoryHandling() {
     }
 
     // Test that the directory has the correct permissions.
-    $this->assertDirectoryPermissions($directory, octdec(\Drupal::config('system.file')->get('chmod.directory')));
+    $this->assertDirectoryPermissions($directory, octdec(settings()->get('file_chmod_directory', CHMOD_DEFAULT_DIRECTORY)));
 
     // Remove .htaccess file to then test that it gets re-created.
     @drupal_unlink(file_default_scheme() . '://.htaccess');
diff --git a/core/modules/system/lib/Drupal/system/Tests/File/UnmanagedCopyTest.php b/core/modules/system/lib/Drupal/system/Tests/File/UnmanagedCopyTest.php
index 70f1903..298f1bd 100644
--- a/core/modules/system/lib/Drupal/system/Tests/File/UnmanagedCopyTest.php
+++ b/core/modules/system/lib/Drupal/system/Tests/File/UnmanagedCopyTest.php
@@ -23,7 +23,6 @@ public static function getInfo() {
    * Copy a normal file.
    */
   function testNormal() {
-    $config = \Drupal::config('system.file');
     // Create a file for testing
     $uri = $this->createUri();
 
@@ -34,7 +33,7 @@ function testNormal() {
     $this->assertEqual($new_filepath, $desired_filepath, 'Returned expected filepath.');
     $this->assertTrue(file_exists($uri), 'Original file remains.');
     $this->assertTrue(file_exists($new_filepath), 'New file exists.');
-    $this->assertFilePermissions($new_filepath, octdec($config->get('chmod.file')));
+    $this->assertFilePermissions($new_filepath, octdec(settings()->get('file_chmod_file', CHMOD_DEFAULT_FILE)));
 
     // Copying with rename.
     $desired_filepath = 'public://' . $this->randomName();
@@ -44,7 +43,7 @@ function testNormal() {
     $this->assertNotEqual($newer_filepath, $desired_filepath, 'Returned expected filepath.');
     $this->assertTrue(file_exists($uri), 'Original file remains.');
     $this->assertTrue(file_exists($newer_filepath), 'New file exists.');
-    $this->assertFilePermissions($newer_filepath, octdec($config->get('chmod.file')));
+    $this->assertFilePermissions($newer_filepath, octdec(settings()->get('file_chmod_file', CHMOD_DEFAULT_FILE)));
 
     // TODO: test copying to a directory (rather than full directory/file path)
     // TODO: test copying normal files using normal paths (rather than only streams)
@@ -65,7 +64,6 @@ function testNonExistent() {
    * Copy a file onto itself.
    */
   function testOverwriteSelf() {
-    $config = \Drupal::config('system.file');
     // Create a file for testing
     $uri = $this->createUri();
 
@@ -75,7 +73,7 @@ function testOverwriteSelf() {
     $this->assertNotEqual($new_filepath, $uri, 'Copied file has a new name.');
     $this->assertTrue(file_exists($uri), 'Original file exists after copying onto itself.');
     $this->assertTrue(file_exists($new_filepath), 'Copied file exists after copying onto itself.');
-    $this->assertFilePermissions($new_filepath, octdec($config->get('chmod.file')));
+    $this->assertFilePermissions($new_filepath, octdec(settings()->get('file_chmod_file', CHMOD_DEFAULT_FILE)));
 
     // Copy the file onto itself without renaming fails.
     $new_filepath = file_unmanaged_copy($uri, $uri, FILE_EXISTS_ERROR);
@@ -93,6 +91,6 @@ function testOverwriteSelf() {
     $this->assertNotEqual($new_filepath, $uri, 'Copied file has a new name.');
     $this->assertTrue(file_exists($uri), 'Original file exists after copying onto itself.');
     $this->assertTrue(file_exists($new_filepath), 'Copied file exists after copying onto itself.');
-    $this->assertFilePermissions($new_filepath, octdec($config->get('chmod.file')));
+    $this->assertFilePermissions($new_filepath, octdec(settings()->get('file_chmod_file', CHMOD_DEFAULT_FILE)));
   }
 }
diff --git a/core/modules/system/lib/Drupal/system/Tests/File/UnmanagedMoveTest.php b/core/modules/system/lib/Drupal/system/Tests/File/UnmanagedMoveTest.php
index 1503bd1..d85c32d 100644
--- a/core/modules/system/lib/Drupal/system/Tests/File/UnmanagedMoveTest.php
+++ b/core/modules/system/lib/Drupal/system/Tests/File/UnmanagedMoveTest.php
@@ -23,7 +23,6 @@ public static function getInfo() {
    * Move a normal file.
    */
   function testNormal() {
-    $config = \Drupal::config('system.file');
     // Create a file for testing
     $uri = $this->createUri();
 
@@ -34,7 +33,7 @@ function testNormal() {
     $this->assertEqual($new_filepath, $desired_filepath, 'Returned expected filepath.');
     $this->assertTrue(file_exists($new_filepath), 'File exists at the new location.');
     $this->assertFalse(file_exists($uri), 'No file remains at the old location.');
-    $this->assertFilePermissions($new_filepath, octdec($config->get('chmod.file')));
+    $this->assertFilePermissions($new_filepath, octdec(settings()->get('file_chmod_file', CHMOD_DEFAULT_FILE)));
 
     // Moving with rename.
     $desired_filepath = 'public://' . $this->randomName();
@@ -45,7 +44,7 @@ function testNormal() {
     $this->assertNotEqual($newer_filepath, $desired_filepath, 'Returned expected filepath.');
     $this->assertTrue(file_exists($newer_filepath), 'File exists at the new location.');
     $this->assertFalse(file_exists($new_filepath), 'No file remains at the old location.');
-    $this->assertFilePermissions($newer_filepath, octdec($config->get('chmod.file')));
+    $this->assertFilePermissions($newer_filepath, octdec(settings()->get('file_chmod_file', CHMOD_DEFAULT_FILE)));
 
     // TODO: test moving to a directory (rather than full directory/file path)
     // TODO: test creating and moving normal files (rather than streams)
diff --git a/core/modules/system/lib/Drupal/system/Tests/File/UnmanagedSaveDataTest.php b/core/modules/system/lib/Drupal/system/Tests/File/UnmanagedSaveDataTest.php
index 043ed6c..88ec592 100644
--- a/core/modules/system/lib/Drupal/system/Tests/File/UnmanagedSaveDataTest.php
+++ b/core/modules/system/lib/Drupal/system/Tests/File/UnmanagedSaveDataTest.php
@@ -36,6 +36,6 @@ function testFileSaveData() {
     $this->assertTrue($filepath, 'Unnamed file saved correctly.');
     $this->assertEqual('asdf.txt', drupal_basename($filepath), 'File was named correctly.');
     $this->assertEqual($contents, file_get_contents($filepath), 'Contents of the file are correct.');
-    $this->assertFilePermissions($filepath, octdec(\Drupal::config('system.file')->get('chmod.file')));
+    $this->assertFilePermissions($filepath, octdec(settings()->get('file_chmod_file', CHMOD_DEFAULT_FILE)));
   }
 }
diff --git a/core/modules/system/system.install b/core/modules/system/system.install
index 14153a0..b5db3ac 100644
--- a/core/modules/system/system.install
+++ b/core/modules/system/system.install
@@ -1956,6 +1956,7 @@ function system_update_8047() {
   update_variables_to_config('system.file', array(
     'allow_insecure_uploads' => 'allow_insecure_uploads',
     'file_default_scheme' => 'default_scheme',
+    // Note: the chmod variables were later moved to the settings system.
     'file_chmod_directory' => 'chmod.directory',
     'file_chmod_file' => 'chmod.file',
     'file_private_path' => 'path.private',
diff --git a/sites/default/default.settings.php b/sites/default/default.settings.php
index b3c54b3..b0fdc95 100644
--- a/sites/default/default.settings.php
+++ b/sites/default/default.settings.php
@@ -456,6 +456,14 @@
 # $settings['mixed_mode_sessions'] = TRUE;
 
 /**
+ * Default mode for for directories and files written by Drupal.
+ *
+ * Value should be a string in PHP Octal Notation.
+ */
+# $settings['file_chmod_directory'] = '0775';
+# $settings['file_chmod_file'] = '0664';
+
+/**
  * Public file path:
  *
  * A local file system path where public files will be stored. This directory