diff -Nru neutron-16.0.0~b3~git2020041516.5f42488a9a/debian/changelog neutron-16.0.0~b3~git2020041516.5f42488a9a/debian/changelog
--- neutron-16.0.0~b3~git2020041516.5f42488a9a/debian/changelog	2020-04-15 20:26:18.000000000 +0000
+++ neutron-16.0.0~b3~git2020041516.5f42488a9a/debian/changelog	2020-04-17 11:27:46.000000000 +0000
@@ -1,3 +1,11 @@
+neutron (2:16.0.0~b3~git2020041516.5f42488a9a-0ubuntu2) focal; urgency=medium
+
+  * d/neutron-common.postinst: Ensure subdirectories and files under
+    /var/lib/neutron/dhcp are readable by the nobody user which is used
+    by dnsmasq (LP: #1873438).
+
+ -- James Page <james.page@ubuntu.com>  Fri, 17 Apr 2020 12:27:46 +0100
+
 neutron (2:16.0.0~b3~git2020041516.5f42488a9a-0ubuntu1) focal; urgency=medium
 
   * New upstream snapshot for OpenStack Ussuri.
diff -Nru neutron-16.0.0~b3~git2020041516.5f42488a9a/debian/neutron-common.postinst neutron-16.0.0~b3~git2020041516.5f42488a9a/debian/neutron-common.postinst
--- neutron-16.0.0~b3~git2020041516.5f42488a9a/debian/neutron-common.postinst	2020-04-15 20:26:18.000000000 +0000
+++ neutron-16.0.0~b3~git2020041516.5f42488a9a/debian/neutron-common.postinst	2020-04-17 11:27:46.000000000 +0000
@@ -25,9 +25,10 @@
 
     find /var/lib/neutron -exec chown neutron:neutron "{}" +
     find /var/lib/neutron -type f -exec chmod 0640 "{}" + -o -type d -exec chmod 0750 "{}" +
-    # Ensure dnsmasq has needed access
+
+    # Ensure dnsmasq has needed access as it runs as nobody
     chmod 0755 /var/lib/neutron
-    chmod 0755 /var/lib/neutron/dhcp
+    find /var/lib/neutron/dhcp -type f -exec chmod 0644 "{}" + -o -type d -exec chmod 0755 "{}" +
 
     # NOTE(jamespage): In order to execute unit test in decomposed
     #                  vendor drivers, /etc/neutron must be readable