/etc/login.defs umask cleanup

Bug #71295 reported by Steven Wagner
Affects | Status | Importance | Assigned to | Milestone
shadow (Ubuntu) | Confirmed | Wishlist | Unassigned |

Bug Description

Binary package hint: login

login: /etc/login.defs

This file contains a lot of information inside about it containing the setting for the default UMASK. This is no longer true. The default umask is set in /etc/profile. This info needs to be cleaned up.

ceg (ceg) wrote :

See Bug #253096 for the current state of umask setting.

Daniel T Chen (crimsun)
Changed in shadow:
importance: Undecided → Wishlist
status: New → Incomplete
Duane Hinnen (duanedesign) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. You reported this bug a while ago and there hasn't been any activity in it recently. We were wondering if this is still an issue for you. Can you try with the latest Ubuntu release? Thanks in advance.

Duane Hinnen (duanedesign) wrote :

This bug was reported a while ago and there hasn't been any activity in it recently so we are closing this bug report. If you are still experiencing this bug with the latest release of Ubuntu please feel free to reopen this bug report. You can click on the current status, under the Status column, and change the Status back to "New". Thanks again and don't hesitate to submit bug reports in the future.

Changed in shadow:
status: Incomplete → Invalid
ceg (ceg) wrote :

The comments in /etc/login.defs really need to be updated.

Here is an updated version of the section on login configuration initialisation:

--8<----- cut here ----------
#
# Login configuration initializations:
#
# ERASECHAR Terminal ERASE character ('\010' = backspace).
# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
# UMASK Default "umask" value.
#
# The ERASECHAR and KILLCHAR are used only on System V machines.
# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
#
ERASECHAR 0177
KILLCHAR 025
#
# On PAM-enabled systems pam_umask uses UMASK as a global default.
# (Global and per user overrides are possible, see man pam_umask.)
# Therefore setting the umask in shell rc files (i.e. /etc/profile and
# others) is discouraged in favour of the pam_umask mechanism.
#
# On non-PAM systems setting the umask in shell rc files, in addition
# to the UMASK setting here, can catch some more classes of user
# entries to system. (Logins through su, cron, ssh etc.)
# At the same time, using shell rc to set umask won't catch entries which use
# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
# user and alike.
# For discussion, see #314539 and #248150 as well as the thread starting at
# http://lists.debian.org/debian-devel/2005/06/msg01598.html
#
#
# UMASK 022 is the "historical" value in Debian,
# 027 or even 077 could be considered better for privacy if the users
# in their groups can not trust each other. There is no
# One True Answer here: Each sysadmin must make up his/her mind.
#
# Note that with login's USERGROUPS_ENAB feature, or the usergroups
# feature of pam_umask, if a user has a user private group
# the user's group permission umask byte is adjusted to match
# the user permission byte.
# This enables flawless collaboration of users in group directories.
UMASK 022

--8<---------------

Changed in shadow (Ubuntu):
status: Invalid → Confirmed
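
An added example (not part of the bug report or of the shadow package) showing what the proposed comment text means in practice: it reads UMASK from login.defs text, applies the user-private-group adjustment as pam_umask(8) describes it, and derives the mode a new file would get. The sample file contents, the user and group names, and the helper names are constructed for illustration.

```python
# Constructed sample login.defs fragments, not taken from a real system.
COMMENTED_OUT = "#UMASK\t\t022\nERASECHAR\t0177\nKILLCHAR\t025\n"
ACTIVE = "ERASECHAR 0177\nKILLCHAR 025\nUMASK 027\n"


def login_defs_umask(text):
    """Return the active UMASK from login.defs text as an int, or None."""
    mask = None
    for line in text.splitlines():
        fields = line.split()
        # Lines starting with '#' are comments, so "#UMASK 022" sets nothing.
        if len(fields) >= 2 and fields[0] == "UMASK":
            mask = int(fields[1], 8)  # umask values are octal
    return mask


def apply_usergroups(mask, uid, user, primary_group):
    """Copy the owner bits into the group bits for a user private group.

    Models the rule in pam_umask(8): non-root user whose name equals the
    name of the primary group (022 -> 002, 077 -> 007).
    """
    if uid != 0 and user == primary_group:
        mask = (mask & ~0o070) | ((mask & 0o700) >> 3)
    return mask


def new_file_mode(mask):
    """Mode a plain file gets when created with 0666 under this umask."""
    return 0o666 & ~mask


def report(text, uid, user, primary_group):
    """Return (umask, file mode) as octal strings, or None if UMASK is unset."""
    mask = login_defs_umask(text)
    if mask is None:
        return None
    mask = apply_usergroups(mask, uid, user, primary_group)
    return f"{mask:03o}", f"{new_file_mode(mask):03o}"


if __name__ == "__main__":
    print(report(COMMENTED_OUT, 1000, "alice", "alice"))  # UMASK commented out
    print(report(ACTIVE, 1000, "alice", "alice"))         # user private group
    print(report(ACTIVE, 1000, "alice", "staff"))         # shared primary group
```

A `None` result is the case this bug is about: with UMASK left commented out, login.defs supplies no global default at all.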
ceg (ceg) wrote :

The cleanup may actually be more than a wishlist item, because login.defs wrongly points out not to set UMASK and leaves it commented out. (As was correct when pam_umask did not parse it.)

ceg (ceg) wrote :

The following wiki page now contains more information and ties together related bugs.
 https://wiki.ubuntu.com/MultiUserManagement
