Permission of server log files affected by umask If you notice your server such as Apache web server log files have unexpected file permission, check the running process umask. For example, find the processes that create these files: [root@dcdrlsoas1 ~]# cd /u01/app/oracle/product/10.1.3/oas/Apache/Apache/logs/core [root@dcdrlsoas1 core]# ls -l total 108 -rw-r--r-- 1 root oinstall 25752 Apr 9 16:31 access_log.20100409 -rw-r--r-- 1 root oinstall 30297 Apr 12 18:00 access_log.20100412 -rw-r--r-- 1 root oinstall 11261 Apr 13 15:32 access_log.20100413 -rw-r--r-- 1 root oinstall 622 Apr 9 13:47 error_log.20100409 -rw-r--r-- 1 root oinstall 2608 Apr 12 18:00 error_log.20100412 -rw-r--r-- 1 root oinstall 283 Apr 13 14:24 error_log.20100413 [root@dcdrlsoas1 core]# fuser * access_log.20100413: 32234 [root@dcdrlsoas1 core]# ps -fp 32234 UID PID PPID C STIME TTY TIME CMD root 32234 32210 0 15:27 ? 00:00:00 /u01/app/oracle/product/10.1.3/oas/Apache/Apache/bin/rotatelogs /u01/app/oracle/prod Find the umask the rotatelogs process uses by attaching to the process and making a system call umask(), passing any small number as argument (for example, 0, but not any > 777 and no digit > 7). The return value is what the process currently uses. Then call umask() again to put the returned value back (unless the number you passed to it is the same as return value). [2018-04 Update] With Red Hat Linux 7, /proc//status has a line for Umask, e.g., $ umask 0022 $ grep Umask /proc/$$/status Umask: 0022 $ umask 0002 $ grep Umask /proc/$$/status Umask: 0002 Change to the PID of the target process (e.g. httpd) to see its umask [root@dcdrlsoas1 core]# gdb /u01/app/oracle/product/10.1.3/oas/Apache/Apache/bin/rotatelogs 32234 GNU gdb (GDB) Red Hat Enterprise Linux (7.0.1-23.el5) ...[snipped]... (gdb) call umask(0) $1 = 18 (gdb) call umask(18) $1 = 18 (gdb) detach Detaching from program: /u01/app/oracle/product/10.1.3/oas/Apache/Apache/bin/rotatelogs, process 32234 (gdb) quit [root@dcdrlsoas1 core]# The result is decimal 18, or 22 in octal. That exactly produces files with permission 644 you see above. If you need to change the logfile permission, unless the process creating the file has its own configuration for this purpose, you can trace back the parent, grandparent, grand-grand-parent, ..., of the process. In this case, it's the shell that starts opmn -> another opmn -> httpd -> a bunch of httpd's -> rotatelogs. So to change the log file permission, set your shell umask appropriately and completely stop the top-level opmn and start it again. A convenient command to show all process parent-child relationship is [root@dcdrlsoas1 ~]# LANG=C pstree -p init(1)-+-acpid(2329) ... |-opmn(32183)---opmn(32184)-+-httpd(32210)-+-httpd(32238)-+-{httpd}(32239) | | | `-{httpd}(32244) | | |-httpd(479)-+-{httpd}(480) ... | | |-httpd(32557)-+-{httpd}(32558) | | | `-{httpd}(32559) | | |-rotatelogs(32229) ... The LANG=C environment setting makes the display more text-friendly.