Setting the umask for your process

In Linux, the umask, associated with the user running the process, will determine what permissions files generated by the process, such as log files, will have.

Within the start script

You can set the umask within the generated start script:

bashScriptExtraDefines += "umask 077"

This line will be added just before the application will be executed by the start script and therefore the application process will also inhert this umask. For more information take a look at the according documentation.


When using Docker this is the only reliable way right now to set the umask for the process. Docker will ignore any umask set in e.g. /etc/login.defs (or other config files) within a docker image.

System V/systemd

When using the Java Server Application Archetype usually the system default umask for daemons is fine and can be left unchanged, however sometime the need arises to override it.

As an alternative to the start script approach described in the section above, to set a custom umask for your application that is running either via a System V init script or systemd, the umask can be specified via a custom /etc/default/appname file.

The contents of this file can be specified by creating a template at src/templates/etc-default and adding a line such as the following:

umask 077