My I suggest one further improvement: I think it would be nice if there was a sentence like:
"See the pam_umask(8) manpage for alternative means to change the UMASK, for example per-user only." I guess there are users that would actually want to keep the new default, but have it e.g. overridden only for their own user (like on single user systems). For that, setting it via the GECOS field seems a good way? Tough unfortunately, clear documentation seems missing on how to actually do this[0]. It seems umask=xxxx must be set in the "other" field (= the 5th) of the GECOS field, e.g. via chfn --other . HTH, Chris. [0] I've filed https://github.com/linux-pam/linux-pam/pull/786 to improve on that. Assuming that will be merged, it's IMO enough to just refer to the manpage, so that people even know that there are finer grained means.
