IBM Support

dfhjvmerr and dfhjvmtrc logs default permissions are 660 preventing users from reading

Question & Answer


Question

When running Java applications in CICS Transaction Server for z/OS (CICS TS) JVM Servers, both the JVM Error (dfhjvmerr) and Trace (dfhjvmtrc) logs are sent to the z/OS Unix File System. I have created directories with region APPLIDs and JVM Server Names, setting permissions to 775 so that the logs created under these directories will have universal read access. However, when CICS creates the log files under these directories, the permissions are defaulting to 660, which prevents other users from reading these log files.

Is there a way to change the default permissions from 660 to 775 or 664 for the dfhjvmerr and dfhjvmtrc logs at the time these log files are being created by CICS so the log files will have universal access of read?

Answer

The default permission settings were changed in CICS TS V5.3, in response to a number of customers (and internal testing) reporting that they were too 'open' by default.

Additionally, a new function was added so that the permissions can now be controlled by the JVMProfile.

For example, adding the following line to the JVM profile controls the default permissions. The example shows the format only; choose and specify the value you need.

_DFH_UMASK=077

If you set _DFH_UMASK=002 in the JVM profile, the JVMSERVER files, including the error and trace log files, are created with 664 permissions, which permits universal read access to the files.

The following information on the _DFH_UMASK option will be added to the CICS TS V5.3 documentation under JVM Server Options in early 2017:

_DFH_UMASK={007|nnn}

Sets the Unix System Services process UMASK that applies when JVMSERVER files are created. This value is a three-digit octal number. For example, the default value of 007 allows the intended read/write/execute permissions of owner and group to be respected, while preventing read/write/execute being given to other when a file is created. The supplied value must fall within the range of 000 (least restrictive) to 777 (most restrictive).

Note: _DFH_UMASK was available in base CICS TS 5.3 so there is no APAR required.
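
The umask arithmetic behind these values, as an added example that is not part of the IBM document: it creates a probe file and directory under each _DFH_UMASK value mentioned above and reports the resulting mode. It assumes the log files are created with a requested mode of 666 (which the 007 to 660 and 002 to 664 figures imply); the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not IBM code. Shows the mode a new file or directory receives
# under a given umask. Assumption: the creator requests 0666 for regular files
# and 0777 for directories, as the shell and mkdir do here.

# mode_under_umask MASK KIND -> prints the symbolic mode, e.g. -rw-rw----
mode_under_umask() {
    mask=$1
    kind=$2
    dir=$(mktemp -d) || return 1
    (
        # Subshell so the caller's own umask is left untouched.
        umask "$mask"
        if [ "$kind" = dir ]; then
            mkdir "$dir/probe"      # requested 0777, reduced by the umask
        else
            : > "$dir/probe"        # requested 0666, reduced by the umask
        fi
    )
    # First ten characters of ls -l: file type plus owner/group/other bits.
    ls -ld "$dir/probe" | cut -c1-10
    rm -rf "$dir"
}

# other_can_read MASK -> exit status 0 if files created under MASK are
# readable by "other" (the access the question asks for).
other_can_read() {
    case $(mode_under_umask "$1" file) in
        ???????r??) return 0 ;;
        *) return 1 ;;
    esac
}

# Report for the three values that appear in the answer above.
report() {
    for m in 007 002 077; do
        if other_can_read "$m"; then access="other: read"; else access="other: none"; fi
        printf '_DFH_UMASK=%s  file %s  dir %s  (%s)\n' "$m" \
            "$(mode_under_umask "$m" file)" "$(mode_under_umask "$m" dir)" "$access"
    done
}

report
```

Under that assumption no umask produces 775 on a log file, because a umask only removes bits and the execute bits are never requested. A value of 002 also leaves every file the JVM server creates readable by all users and writable by the group, so confirm the parent directories restrict who can reach them.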


Document Information

Modified date:
12 April 2019

UID

dwa1325230