diff --git a/core/java/src/net/i2p/util/SecureFileOutputStream.java b/core/java/src/net/i2p/util/SecureFileOutputStream.java
index 8a891344b1bdf6d69c8b410a8a81f2ddd2bc46eb..3df1f14a58e82fc35baf345036868150599ca2b6 100644
--- a/core/java/src/net/i2p/util/SecureFileOutputStream.java
+++ b/core/java/src/net/i2p/util/SecureFileOutputStream.java
@@ -56,7 +56,7 @@ public class SecureFileOutputStream extends FileOutputStream {
      *  Tries to set the permissions to 600,
      *  ignores errors
      */
-    private static void setPerms(File f) {
+    public static void setPerms(File f) {
         if (!canSetPerms)
             return;
         try {
diff --git a/router/java/src/net/i2p/router/Router.java b/router/java/src/net/i2p/router/Router.java
index a091cba13451c44d9d3c62b98a198a5f69e1a7ac..bfcbe83a6f4018d5690652838cca263615b03b8d 100644
--- a/router/java/src/net/i2p/router/Router.java
+++ b/router/java/src/net/i2p/router/Router.java
@@ -218,6 +218,19 @@ public class Router {
         // NOW we start all the activity
         _context.initAll();
 
+        // Set wrapper.log permissions.
+        // Just hope this is the right location, we don't know for sure,
+        // but this is the same method used in LogsHelper and we have no complaints.
+        // (we could look for the wrapper.config file and parse it I guess...)
+        // If we don't have a wrapper, RouterLaunch does this for us.
+        if (System.getProperty("wrapper.version") != null) {
+            File f = new File(System.getProperty("java.io.tmpdir"), "wrapper.log");
+            if (!f.exists())
+                f = new File(_context.getBaseDir(), "wrapper.log");
+            if (f.exists())
+                SecureFileOutputStream.setPerms(f);
+        }
+
         _routerInfo = null;
         _higherVersionSeen = false;
         _log = _context.logManager().getLog(Router.class);