$ grep '^ *[^#].*pam_umask' /etc/pam.d/* /etc/pam.d/common-session:session optional pam_umask.so /etc/pam.d/common-session-noninteractive:session optional pam_umask.so
Whatever sources of confusion :
Even with 'umask=007' in the 'gecos' field of '/etc/passwd', 'gnome-terminal' currently starts with umask=022.
I confirm that this issue is a security issue, which must be corrected.
IMHO, the best fix would be that GNOME systematically uses the standard 'pam_umask' module.
$ grep '^ *[^#].*pam_umask' /etc/pam.d/* d/common- session: session optional pam_umask.so d/common- session- noninteractive: session optional pam_umask.so
/etc/pam.
/etc/pam.
Whatever sources of confusion :
Even with 'umask=007' in the 'gecos' field of '/etc/passwd', 'gnome-terminal' currently starts with umask=022.
I confirm that this issue is a security issue, which must be corrected.
IMHO, the best fix would be that GNOME systematically uses the standard 'pam_umask' module.