> > What are the applications? What is the directory structure? Is the > permission problem on a directory or a file? What user account owns > the application process? Is the app un-doing your manual permission > changes on existing files and directories, or just not granting read > permission to new objects? > > in house apps running out of /opt/<appname> and logging into /opt/<appname>/logs and are running as user <appname> need to have world read on /opt/<appname>/logs when permissions are 'manually' set when the app is redeployed it seems that the world read is removed (i am investigating why this is) > If an application so chooses, it can set whatever permissions it wants > on newly created files. It may even have logic to alter the > permissions on existing files. You may not be able to control it from > the OS level. > > Or, it could be as simple as setting (or changing) the umask in the > application startup script. > > i was hoping at the OS level i could limit what the app could do with the permissions as the app is not running as root. it seems i cant do that so i will need to look at how the app is deployed and why the perms are being reset/overwritten.