Directory Server provides the ability to configure the permissions with which the log file is created, allowing you to change permissions to logs from the default value. This feature lets you tightly control what the user who starts the server can do. At the same time, you can permit specific applications and other users to access key, time-dependent information contained in the logs.
Directory Server enables you to specify the permissions with which a log file will be created.
Log file creation permissions can be set using the dsconf command or using the DSCC as illustrated in the following figure.
See the log(5dsconf) man page for details on the perm log property.