PAM module to set the file mode creation mask
pam_umask.so [debug] [silent] [usergroups] [nousergroups] [umask=mask]
pam_umask is a PAM module to set the file mode creation mask of the current environment. The umask affects the default permissions assigned to newly created files.
The PAM module tries to get the umask value from the following places in the following order:
umask= entry in the users GECOS field
UMASK entry from /etc/login.defs
UMASK= entry from /etc/default/login
The GECOS field is split on comma , characters. The module also in addition to the umask= entry recognizes pri= entry, which sets the nice priority value for the session, and ulimit= entry, which sets the maximum size of files the processes in the session can create.
Print debug information.
Dont print informative messages.
If the user is not root and the username is the same as primary group name, the umask group bits are set to be the same as owner bits (examples: 022 -> 002, 077 -> 007).
This is the direct opposite of the usergroups option described above, which can be useful in case pam_umask has been compiled with usergroups enabled by default and you want to disable it at runtime.
Sets the calling processs file mode creation mask (umask) to mask & 0777. The value is interpreted as Octal.
Only the session type is provided.
The new umask was set successfully.
Memory buffer error.
The conversation method supplied by the application failed to obtain the username.
The conversation method supplied by the application returned PAM_CONV_AGAIN.
No username was given.
User not known.
Add the following line to /etc/pam.d/login to set the user specific umask at login:
session optional pam_umask.so umask=0022
pam.conf(5), pam.d(5), pam(8)
pam_umask was written by Thorsten Kukuk <email@example.com>.