hi there, when I refered to the tomcat document It says that "Tomcat runs with a default umask of 0027 to maintain these permissions for files created while Tomcat is running (e.g. log files, expanded WARs, etc.)" - https://tomcat.apache.org/tomcat-8.5-doc/security-howto.html - 29) Security Considerations -> Non Tomcat settings I can also confirm that there is a default umask value in bin/catalina.sh, but daemon.sh does not pass the default umask to JSVC. I raised this issue as following and they said this should be fixed by Tomcat. - https://issues.apache.org/jira/browse/DAEMON-417. I'm not sure if I can make a issue here. Thanks, John
Fixed in: - master for 10.0.0-M4 onwards - 9.0.x for 9.0.34 onwards - 8.5.x for 8.5.54 onwards - 7.0.x for 7.0.104 onwards