Description
Caddy uses https://github.com/natefinch/lumberjack and some time ago they switched the log file permissions from 0600 to 0644: https://github.com/natefinch/lumberjack/pull/83/files
Now, some users (me included) have issues due to these too-restrictive file permissions: https://caddy.community/t/change-file-mask-for-caddy-log-files/22519
There is an issue in the upstream library, but it currently doesn't look like it will be fixed (although to be honest, the proposed PRs don't look very good to me): natefinch/lumberjack#164
However, what lumberjack does is, it will take the permissions of the file if it exists. Now, in Caddy's filewriter.go we already have:
```go
// OpenWriter opens a new file writer.
func (fw FileWriter) OpenWriter() (io.WriteCloser, error) {
	// roll log files by default
	if fw.Roll == nil || *fw.Roll {
		if fw.RollSizeMB == 0 {
			fw.RollSizeMB = 100
		}
		if fw.RollCompress == nil {
			compress := true
			fw.RollCompress = &compress
		}
		if fw.RollKeep == 0 {
			fw.RollKeep = 10
		}
		if fw.RollKeepDays == 0 {
			fw.RollKeepDays = 90
		}
		return &lumberjack.Logger{
			Filename:   fw.Filename,
			MaxSize:    fw.RollSizeMB,
			MaxAge:     fw.RollKeepDays,
			MaxBackups: fw.RollKeep,
			LocalTime:  fw.RollLocalTime,
			Compress:   *fw.RollCompress,
		}, nil
	}
	// otherwise just open a regular file
	return os.OpenFile(fw.Filename, os.O_WRONLY|os.O_APPEND|os.O_CREATE, 0o666)
}
```
So I'm proposing to change this so we always create the file (even if no rolling is configured), so that lumberjack will pick up these permissions. This would also help to prevent the issue that log files are created with mode 0666, but when users configure log rotation, the log files suddenly get created with mode 0600.
What do you think?
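
A sketch of the pre-create step proposed above, added here as an illustration and not taken from Caddy or lumberjack. `ensureLogFile` and its `mode` parameter are hypothetical names; the function creates the log file with an explicit mode before a rolling writer would open it, and leaves an existing file's permissions alone.

```go
package main

import (
	"errors"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// ensureLogFile is a hypothetical helper (not Caddy's code). It creates the
// log file with exactly `mode` if it does not exist yet, and leaves an
// existing file's permissions untouched. It returns the resulting mode.
func ensureLogFile(path string, mode fs.FileMode) (fs.FileMode, error) {
	// O_EXCL makes creation atomic: only a file created by this call is
	// chmod'ed, never one an operator already set up deliberately.
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_APPEND|os.O_CREATE|os.O_EXCL, mode)
	switch {
	case err == nil:
		defer f.Close()
		// The mode passed to OpenFile is filtered by the process umask,
		// so set the requested bits explicitly on the open descriptor.
		if err := f.Chmod(mode); err != nil {
			return 0, err
		}
	case errors.Is(err, fs.ErrExist):
		// Existing file: keep whatever mode it already has.
	default:
		return 0, err
	}
	info, err := os.Stat(path)
	if err != nil {
		return 0, err
	}
	return info.Mode().Perm(), nil
}

func main() {
	dir, err := os.MkdirTemp("", "logperm") // constructed sample location
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	got, err := ensureLogFile(filepath.Join(dir, "access.log"), 0o640)
	fmt.Println(got, err)
}
```

Calling this before either branch of `OpenWriter` would give the rolling and non-rolling paths the same starting permissions, independent of the umask.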