[arch-general] Read permissions on /var/log/auth.log being reverted

[E Wilson]

Hi group

When I make my auth.log file world-readable (big security risk), the
system reverts it to unreadable by world.  Could someone tell me what
kind program/daemon is changing the permissions back and if said
daemon has a log somewhere. I would like to shake its hand. something
out of cron?

This is Arch running in a hosted VM environment.

Thanks
E Wilson
(New Linux and Arch User)