This is a bug in every GNOME application that uses systemctl --user to start itself. There is currently no sane fix because systemd is missing a feature of upstart, umask inheritance. GNOME could abuse systemd's instantiated services feature to pass the umask through this but this would be far from ideal.
A workaround for those of us that need a solution now is to place [Service] UMask=<umask value> in $HOME/.config/systemd/user/gnome-terminal-server.service.d/umask.conf for an individual user or in /etc/systemd/user/gnome-terminal-server.service.d/umask.conf for all users. This will set the umask only for gnome-terminal. To get most services set an override for dbus.service as well. However, there are quite a few services that are not directly launched by dbus (like gnome-terminal-server) and need their own overrides. A list of these can be obtained by: $ grep -rhoP '(?<=SystemdService=).*' /usr/share/dbus-1/services The only sane way I have come up with to deal with this is to create a single umask.conf and add a symlink to it from the <service>.serivce.d/umask.conf overide for each service found above (as well as dbus). In this way, only two files must be edited to set system default umask, /etc/login.defs and umask.conf. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-terminal in Ubuntu. https://bugs.launchpad.net/bugs/1685754 Title: gnome-terminal unduly forces umask=0022 Status in gedit: Invalid Status in gnome-session: New Status in GNOME Terminal: Confirmed Status in Nautilus: Confirmed Status in gnome-terminal package in Ubuntu: Confirmed Bug description: In order to set the default umask of my users to 027 or 007, I followed the instructions provided in 'man pam_umask' : In the 'gecos' field of '/etc/passwd', I have inserted 'umask=027' or 'umask=007' (for myself). Then, MOST graphical applications systematically run with the correct umask. In particular, when I press Alt-F2, run 'xterm sh' and type 'umask', it systematically displays 0007. But when I press Alt-F2, run 'gnome-terminal -e sh' and type 'umask', it systematically displays 0022. That is BAD, and is a security issue. Workaround : Inside the newly created '/etc/profile.d/umask.sh', and in each '~/.bashrc', add following content : UMASK="$(grep -o "^$USER:.*,umask=0[0-7]*" /etc/passwd)" if [ "$UMASK" ]; then umask "${UMASK#$USER:*,umask=}" fi In fact, 'gnome-terminal' MUST NOT force umask=022, but keep umask unchanged. Thank you in advance for a quick correction. ProblemType: Bug DistroRelease: Ubuntu 17.04 Package: gnome-terminal 3.20.2-1ubuntu8 ProcVersionSignature: Ubuntu 4.10.0-19.21-generic 4.10.8 Uname: Linux 4.10.0-19-generic x86_64 ApportVersion: 2.20.4-0ubuntu4 Architecture: amd64 CurrentDesktop: X-Cinnamon Date: Mon Apr 24 08:36:58 2017 InstallationDate: Installed on 2017-03-28 (26 days ago) InstallationMedia: Ubuntu-GNOME 17.04 "Zesty Zapus" - Beta amd64 (20170321) SourcePackage: gnome-terminal UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/gedit/+bug/1685754/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
