diff --git a/src/suricata.c b/src/suricata.c
index 10d5fcd823..0258e2c7cf 100644
--- a/src/suricata.c
+++ b/src/suricata.c
@@ -155,6 +155,7 @@
 #include "util-debug.h"
 #include "util-error.h"
 #include "util-daemon.h"
+#include "util-byte.h"
 #include "reputation.h"
 #include "output.h"
@@ -2577,6 +2578,17 @@ static int PostConfLoadedSetup(SCInstance *suri)
 #endif
 AppLayerSetup();
+ /* Suricata will use this umask if provided. By default it will use the
+ umask passed on from the shell. */
+ const char *custom_umask;
+ if (ConfGet("umask", &custom_umask) == 1) {
+ uint16_t mask;
+ if (ByteExtractStringUint16(&mask, 8, strlen(custom_umask),
+ custom_umask) > 0) {
+ umask((mode_t)mask);
+ }
+ }
+
 /* Check for the existance of the default logging directory which we pick
 * from suricata.yaml. If not found, shut the engine down */
 suri->log_dir = ConfigGetLogDirectory();
diff --git a/src/util-daemon.c b/src/util-daemon.c
index 5eba5a6cdf..ee2d625a00 100644
--- a/src/util-daemon.c
+++ b/src/util-daemon.c
@@ -121,8 +121,6 @@ void Daemonize (void)
 /* Child continues here */
 const char *daemondir;
- umask(027);
-
 sid = setsid();
 if (sid < 0) {
 SCLogError(SC_ERR_DAEMON, "Error creating new session");
diff --git a/suricata.yaml.in b/suricata.yaml.in
index 02333e9829..662f1a6103 100644
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -1046,6 +1046,11 @@ asn1-max-frames: 256
 # Default: "/"
 #daemon-directory: "/"
+# Umask.
+# Suricata will use this umask if it is provided. By default it will use the
+# umask passed on by the shell.
+#umask: 022
+
 # Suricata core dump configuration. Limits the size of the core dump file to
 # approximately max-dump. The actual core dump size will be a multiple of the
 # page size. Core dumps that would be larger than max-dump are truncated. On
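Review bot: A `umask` value that fails to parse is silently dropped in PostConfLoadedSetup: when `ByteExtractStringUint16()` returns 0 or less, the engine carries on with the inherited umask and logs nothing, so a typo in a permission-hardening setting can leave log and state files more open than the operator intended with no sign of it. The parsed value is also never range-checked, so anything above 0777 that fits in a `uint16_t` is cast straight to `mode_t`. I would reject out-of-range values and report the bad setting (or fail startup, since this is a security control); it may also be worth checking that the helper consumed the whole string, as I have not confirmed that it rejects trailing characters. PostConfLoadedSetup starts and ends outside the hunk.

```c
        /* ... unchanged: ConfGet("umask", ...) lookup and mask declaration ... */
        if (ByteExtractStringUint16(&mask, 8, strlen(custom_umask),
                                    custom_umask) > 0 && mask <= 0777) {
            umask((mode_t)mask);
        } else {
            /* Make a rejected setting visible instead of quietly keeping
             * the inherited umask. */
            SCLogWarning(SC_ERR_INVALID_ARGUMENT,
                    "invalid umask \"%s\", keeping the inherited umask",
                    custom_umask);
        }
```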
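Review bot: The new comment does not say that daemon mode used to force a umask of 027 (the call removed from `Daemonize()` in src/util-daemon.c), so after this change a daemonized engine started from an environment that passes 022 or 000 can create files readable by other users unless `umask` is set. The commented example `#umask: 022` is also more permissive than that previous daemon default. I would show `#umask: 027` instead and add a line such as `# Daemon mode no longer forces 027; set this to keep files private to the user and group.`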