Thanks to Seth Arnold for his advice to use the 'perf' or 'auditd' tools. Inside the above provided '/var/log/audit/audit.log', I do NOT find the 'umask' string.
So, I prefer to begin installing and using the 'perf' tool:

$ sudo apt-get install linux-tools-generic

Close the graphical session.

Record 'umask' for a Gnome session without doing anything
---------------------------------------------------------

Switch to a console (tty2), and log in.
$ sudo perf record -ag -e syscalls:sys_enter_umask
Switch to the 'gdm' login screen.
Open a Gnome session, then immediately close it.
Switch to the console (tty2).
Press Ctrl-C.
... (325 samples)
$ sudo perf script > gnome-umask.log

Record 'umask' for a Gnome session with a Gnome terminal
--------------------------------------------------------

$ sudo perf record -ag -e syscalls:sys_enter_umask
Switch to the 'gdm' login screen.
Open a Gnome session.
Inside the Gnome session, open a Gnome terminal with Ctrl-Alt-T.
Close the Gnome terminal with Ctrl-D.
Close the Gnome session.
Switch to the console (tty2).
Press Ctrl-C.
... (329 samples)
$ sudo perf script > gnome-umask-with-gnome-terminal.log

Additional traces triggered by Gnome terminal
---------------------------------------------

The following command eases the discovery of the additional traces:

$ diff -I '[0-9]* *\[ *[0-9]* *\] *[0-9.]*' gnome-umask.log gnome-umask-with-gnome-terminal.log
> systemd-journal 360 [005] 10229.742513: syscalls:sys_enter_umask: mask: 0x0000003f
>         f7907 __GI___umask (/lib/x86_64-linux-gnu/libc-2.24.so)
>             0 [unknown] ([unknown])
>
> systemd-journal 360 [005] 10229.742521: syscalls:sys_enter_umask: mask: 0x00000012
>         f7907 __GI___umask (/lib/x86_64-linux-gnu/libc-2.24.so)
>
> (l-server) 12464 [003] 10229.742634: syscalls:sys_enter_umask: mask: 0x00000012
>         f7907 __GI___umask (/lib/x86_64-linux-gnu/libc-2.24.so)
>         8f2af [unknown] (/lib/systemd/systemd)
>
> bash 12472 [005] 10229.881381: syscalls:sys_enter_umask: mask: 0x00000007
>         f7907 __GI___umask (/lib/x86_64-linux-gnu/libc-2.24.so)
>       1e0e1a8 [unknown] ([unknown])

Interpretation of the additional traces triggered by Gnome terminal
-------------------------------------------------------------------

The 'bash' trace logically comes from the 'umask 007' command in my '.bashrc' file.
Since 0022=0x12, the suspect for 'umask 022' hardcoding is '(l-server)'.

--
https://bugs.launchpad.net/bugs/1685754

Title:
  gnome-terminal unduly forces umask=0022

Status in gnome-terminal package in Ubuntu:
  New

Bug description:
  In order to set the default umask of my users to 027 or 007, I followed the instructions provided in 'man pam_umask':

  In the 'gecos' field of '/etc/passwd', I have inserted 'umask=027' or 'umask=007' (for myself).

  Then, MOST graphical applications systematically run with the correct umask.
  In particular, when I press Alt-F2, run 'xterm sh' and type 'umask', it systematically displays 0007.

  But when I press Alt-F2, run 'gnome-terminal -e sh' and type 'umask', it systematically displays 0022.
  That is BAD, and is a security issue.

  Workaround:
  Inside the newly created '/etc/profile.d/umask.sh', and in each '~/.bashrc', add the following content:

    UMASK="$(grep -o "^$USER:.*,umask=0[0-7]*" /etc/passwd)"
    if [ "$UMASK" ]; then
      umask "${UMASK#$USER:*,umask=}"
    fi

  In fact, 'gnome-terminal' MUST NOT force umask=022, but keep umask unchanged.

  Thank you in advance for a quick correction.

  ProblemType: Bug
  DistroRelease: Ubuntu 17.04
  Package: gnome-terminal 3.20.2-1ubuntu8
  ProcVersionSignature: Ubuntu 4.10.0-19.21-generic 4.10.8
  Uname: Linux 4.10.0-19-generic x86_64
  ApportVersion: 2.20.4-0ubuntu4
  Architecture: amd64
  CurrentDesktop: X-Cinnamon
  Date: Mon Apr 24 08:36:58 2017
  InstallationDate: Installed on 2017-03-28 (26 days ago)
  InstallationMedia: Ubuntu-GNOME 17.04 "Zesty Zapus" - Beta amd64 (20170321)
  SourcePackage: gnome-terminal
  UpgradeStatus: No upgrade log present (probably fresh install)
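
The comparison of the two 'perf script' captures described in the comment above, as an added example that is not part of the original message: it parses each umask event, prints the mask in octal, and reports events present only in the second capture, ignoring PID, CPU, timestamp and frame addresses. The function names and the baseline event are constructed for illustration; the other four traces are the ones quoted in the message.

```python
import re
from collections import Counter

# Header of one `perf script` event for the syscalls:sys_enter_umask tracepoint.
EVENT = re.compile(r"^\s*(?P<comm>.+?)\s+\d+\s+\[\d+\]\s+[\d.]+:\s+"
                   r"syscalls:sys_enter_umask:\s+mask:\s+(?P<mask>0x[0-9a-fA-F]+)")
# Call-chain line: "<address> <symbol> (<object file>)".
FRAME = re.compile(r"^\s*[0-9a-f]+\s+\S+\s+\((?P<dso>[^)]*)\)\s*$")

def parse(text):
    """One (comm, octal mask, caller objects) tuple per umask event."""
    events = []
    for line in text.splitlines():
        m = EVENT.match(line)
        if m:
            events.append([m["comm"], format(int(m["mask"], 16), "04o"), []])
        elif events and (f := FRAME.match(line)):
            events[-1][2].append(f["dso"])
    return [(comm, mask, tuple(dsos)) for comm, mask, dsos in events]

def additional(baseline, with_terminal):
    """Events only in the second capture (multiset difference of parsed events)."""
    return sorted((Counter(parse(with_terminal)) - Counter(parse(baseline))).elements())

LIBC = "/lib/x86_64-linux-gnu/libc-2.24.so"
# Constructed sample: this baseline event is invented for the example.
BASELINE = """\
gnome-session-b  2101 [001]  9100.100001: syscalls:sys_enter_umask: mask: 0x00000007
"""
# Same invented event (new PID/CPU/time) plus the four traces quoted in the message.
WITH_TERMINAL = f"""\
gnome-session-b 12001 [002] 10229.100001: syscalls:sys_enter_umask: mask: 0x00000007
systemd-journal   360 [005] 10229.742513: syscalls:sys_enter_umask: mask: 0x0000003f
                   f7907 __GI___umask ({LIBC})
                       0 [unknown] ([unknown])
systemd-journal   360 [005] 10229.742521: syscalls:sys_enter_umask: mask: 0x00000012
                   f7907 __GI___umask ({LIBC})
(l-server) 12464 [003] 10229.742634: syscalls:sys_enter_umask: mask: 0x00000012
                   f7907 __GI___umask ({LIBC})
                   8f2af [unknown] (/lib/systemd/systemd)
bash 12472 [005] 10229.881381: syscalls:sys_enter_umask: mask: 0x00000007
                   f7907 __GI___umask ({LIBC})
                 1e0e1a8 [unknown] ([unknown])
"""

if __name__ == "__main__":
    for comm, mask, dsos in additional(BASELINE, WITH_TERMINAL):
        print(f"{comm:16} umask {mask}  via {' <- '.join(dsos)}")
```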

