On Thu, 2022-03-10 at 11:21 +0100, Philip Hands wrote: > However, I suspect that something is a bit broken about this anyway, > since I just tested and get a umask of 0022 when logging in via ssh > to a system with USERGROUPS_ENAB 'yes'.
I changed UMASK to 077 in /etc/login.defs and can confirm this doesn't have any effect. I guess because: +--- | # UMASK is the default umask value for pam_umask and is used by +---[ file:///etc/login.defs ] and +--- | $ rgrep umask /etc/pam.d || echo no | no +--- So all of this might not work either way unless someone manually enables pam_umask? Ansgar
