Index: usr.sbin/pw/pw.h =================================================================== --- usr.sbin/pw/pw.h +++ usr.sbin/pw/pw.h @@ -64,6 +64,7 @@ }; #define _DEF_DIRMODE (S_IRWXU | S_IRWXG | S_IRWXO) +#define _DEF_LOGMODE (S_IRUSR | S_IWUSR) #define _PW_CONF "pw.conf" #define _UC_MAXLINE 1024 #define _UC_MAXSHELLS 32 Index: usr.sbin/pw/pw.conf.5 =================================================================== --- usr.sbin/pw/pw.conf.5 +++ usr.sbin/pw/pw.conf.5 @@ -76,6 +76,8 @@ mail to send to new users .It logfile log user/group modifications to this file +.It logmode +permissions for the log file .It home root directory for home directories .It homemode @@ -193,6 +195,7 @@ .Pp The .Ar logfile +keyword is optional. option allows logging of password file modifications into the nominated log file. To avoid creating or adding to such a logfile, then leave this @@ -200,6 +203,12 @@ .Ql \&no . .Pp The +.Ar logmode +keyword is optional +specifies the permissions of the log file created and is modified by +.Xr umask 2 . Default: 0600 +.Pp +The .Ar home keyword is mandatory. This specifies the location of the directory in which all new user Index: usr.sbin/pw/pw_conf.c =================================================================== --- usr.sbin/pw/pw_conf.c +++ usr.sbin/pw/pw_conf.c @@ -52,6 +52,7 @@ _UC_DOTDIR, _UC_NEWMAIL, _UC_LOGFILE, + _UC_LOGMODE, _UC_HOMEROOT, _UC_HOMEMODE, _UC_SHELLPATH, @@ -96,6 +97,7 @@ "/usr/share/skel", /* Where to obtain skeleton files */ NULL, /* Mail to send to new accounts */ "/var/log/userlog", /* Where to log changes */ + _DEF_LOGMODE, /* Log file perms */ "/home", /* Where to create home directory */ _DEF_DIRMODE, /* Home directory perms, modified by umask */ "/bin", /* Where shells are located */ 
@@ -120,6 +122,7 @@ "\n# Obtain default dotfiles from this directory\n", "\n# Mail this file to new user (/etc/newuser.msg or no)\n", "\n# Log add/change/remove information in this file\n", + "\n# Mode for the log file, will be modified by umask\n", "\n# Root directory in which $HOME directory is created\n", "\n# Mode for the new $HOME directory, will be modified by umask\n", "\n# Colon separated list of directories containing valid shells\n", @@ -146,6 +149,7 @@ "skeleton", "newmail", "logfile", + "logmode", "home", "homemode", "shellpath", @@ -301,6 +305,12 @@ config.logfile = (q == NULL || !boolean_val(q, 1)) ? NULL : newstr(q); break; + case _UC_LOGMODE: + modeset = setmode(q); + config.logmode = (q == NULL || !boolean_val(q, 1)) + ? _DEF_LOGMODE : getmode(modeset, _DEF_LOGMODE); + free(modeset); + break; case _UC_HOMEROOT: config.home = (q == NULL || !boolean_val(q, 1)) ? "/home" : newstr(q); @@ -463,6 +473,10 @@ sbuf_cat(buf, cnf->logfile ? cnf->logfile : boolean_str(0)); break; + case _UC_LOGMODE: + sbuf_printf(buf, "%04o", cnf->logmode); + quote = 0; + break; case _UC_HOMEROOT: sbuf_cat(buf, cnf->home); break; Index: usr.sbin/pw/pw_log.c =================================================================== --- usr.sbin/pw/pw_log.c +++ usr.sbin/pw/pw_log.c @@ -57,7 +57,7 @@ if (logfile == NULL) { /* With umask==0 we need to control file access modes on create */ - fd = open(cnf->logfile, O_WRONLY | O_CREAT | O_APPEND, 0600); + fd = open(cnf->logfile, O_WRONLY | O_CREAT | O_APPEND, cnf->logmode); if (fd == -1) { return; } Index: usr.sbin/pw/pw_user.c =================================================================== --- usr.sbin/pw/pw_user.c +++ usr.sbin/pw/pw_user.c 
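Review bot: In the added `case _UC_LOGMODE:` branch, `setmode(q)` is called before the `q == NULL` test on the following line, and its result goes to `getmode()` without a NULL check. setmode(3) returns NULL when the mode string cannot be parsed, so a typo in `logmode`, or a keyword with no value, would hand `getmode()` a NULL set, which it is not documented to accept. I would parse only when a value is present and keep `_DEF_LOGMODE` when parsing fails, as below; the rest of the switch is outside this hunk. If the neighbouring homemode case has the same shape, it deserves the same guard.

```c
		case _UC_LOGMODE:
			/* Start from the restrictive default; override only on a valid mode. */
			config.logmode = _DEF_LOGMODE;
			if (q != NULL && boolean_val(q, 1)) {
				modeset = setmode(q);
				if (modeset != NULL) {
					config.logmode = getmode(modeset, _DEF_LOGMODE);
					free(modeset);
				}
				/* else: unparsable mode string, keep _DEF_LOGMODE */
			}
			break;
```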
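Review bot: The third argument to `open()` in the pw_log.c hunk is now whatever `logmode` the configuration supplies, and the context comment just above it suggests this code runs with umask 0, so nothing narrows that value, although the pw.conf.5 text and the generated config comment in this same patch both say the mode is "modified by umask". A loose `logmode` would therefore create the account-change log group- or world-writable, which lets other local users alter the audit trail. Either correct the documentation or strip the group and other write bits at the call, e.g. `cnf->logmode & ~(S_IWGRP | S_IWOTH)`. The mode is also only applied when the file is created, so an existing log keeps its old permissions; a comment such as `/* mode applies on create only; an existing log keeps its permissions */` above the call would record that.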
@@ -1149,6 +1149,8 @@ cmdcnf->newmail = cfg->newmail; if (cmdcnf->logfile == NULL) cmdcnf->logfile = cfg->logfile; + if (cmdcnf->logmode == 0) + cmdcnf->logmode = cfg->logmode; if (cmdcnf->home == NULL) cmdcnf->home = cfg->home; if (cmdcnf->homemode == 0) Index: usr.sbin/pw/pwupd.h =================================================================== --- usr.sbin/pw/pwupd.h +++ usr.sbin/pw/pwupd.h @@ -62,6 +62,7 @@ char *dotdir; /* Where to obtain skeleton files */ char *newmail; /* Mail to send to new accounts */ char *logfile; /* Where to log changes */ + mode_t logmode; /* Log file permissions */ char *home; /* Where to create home directory */ mode_t homemode; /* Home directory permissions */ char *shelldir; /* Where shells are located */ Index: usr.sbin/pw/tests/pw-modified.conf =================================================================== --- usr.sbin/pw/tests/pw-modified.conf +++ usr.sbin/pw/tests/pw-modified.conf @@ -23,6 +23,9 @@ # Log add/change/remove information in this file logfile = "/var/log/userlog" +# Mode for the log file, will be modified by umask +logmode = 0600 + # Root directory in which $HOME directory is created home = "/home" Index: usr.sbin/pw/tests/pw.conf =================================================================== --- usr.sbin/pw/tests/pw.conf +++ usr.sbin/pw/tests/pw.conf @@ -23,6 +23,9 @@ # Log add/change/remove information in this file logfile = "/var/log/userlog" +# Mode for the log file, will be modified by umask +logmode = 0600 + # Root directory in which $HOME directory is created home = "/home"
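Review bot: Both test fixtures gain only `logmode = 0600`, which is the default, so nothing visible in this patch exercises a non-default or malformed value. One case that sets a different mode (for example `logmode = 0640`, a value constructed here) and checks the permissions of the newly created log file, and one with an unparsable mode, would cover the new parsing branch and the changed `open()` call. The test scripts themselves are outside this diff, so they may need a matching change.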