${HOME}/.dt/startlog permission too open
I'm getting pressure from the security folks to have all files in a user's home directory permission 750 or less.
It appears that on CDE startup the ${HOME}/.dt/startlog gets created with permission 544 - it's the permission for "other" that is the problem. Changing it only solves the problem until the next CDE session where the existing file is pushed to startlog.old and a new file created with permission 544. I've solved this problem before where I can get at scripts or configuration files that create files like these.
Is there any control in the CDE (/usr/dt or anywhere for that matter) to set the creation permission?
I believe I am enforcing what user control I have with the umask at 037. That works fine for files created by the user; but I have the feeling this is being created by the system (at an elevated priv) for the user.
This problem with error/operation log files is not unique to this process and draws complaints from the security folks who feel that world read on these files compromises too much information and is unnecessary.
