Comment 11 for bug 253096

Forgot to mention the reason I changed it to common-account is that /etc/pam.d/sudo does not include common-session. This might be OK if sudo is not considered to open a session. But having a different umask using sudo would again not be expected and lead to wrong permissions etc.

Maybe it is more appropriate to fix sudo to include common-session{,-noninteractive}?

This second patch targets common-session{,-noninteractive}.