What are the applications? What is the directory structure? Is the permission problem on a directory or a file? What user account owns the application process? Is the app un-doing your manual permission changes on existing files and directories, or just not granting read permission to new objects?
in house apps running out of /opt/<appname> and logging into /opt/<appname>/logs and are running as user <appname>
need to have world read on /opt/<appname>/logs
when permissions are 'manually' set when the app is redeployed it seems that the world read is removed (i am investigating why this is)
If an application so chooses, it can set whatever permissions it wants on newly created files. It may even have logic to alter the permissions on existing files. You may not be able to control it from the OS level.
Or, it could be as simple as setting (or changing) the umask in the application startup script.
i was hoping at the OS level i could limit what the app could do with the permissions as the app is not running as root. it seems i cant do that so i will need to look at how the app is deployed and why the perms are being reset/overwritten.