Etienne, the upstream bug comments suggest it may not be limited to just gnome-terminal. You may have success finding what component / process is performing the umask() calls via perf or auditd:
$ sudo perf record -e syscalls:sys_enter_umask -ag -in another terminal change umask- ^C[ perf record: Woken up 1 times to write data ] [ perf record: Captured and wrote 1.009 MB perf.data (1 samples) ] $ sudo perf script bash 30279 [002] 801251.545434: syscalls:sys_enter_umask: mask: 0x00000002 f62f7 umask (/lib/x86_64-linux-gnu/libc-2.23.so) OR $ sudo auditctl -a always,exit -S umask WARNING - 32/64 bit syscall mismatch, you should specify an arch -in another terminal change umask- $ sudo auditctl -d always,exit -S umask $ then find in your /var/log/audit/audit.log a line like: type=SYSCALL msg=audit(1493335707.490:34758): arch=c000003e syscall=95 success=yes exit=2 a0=2 a1=ffffffd0 a2=0 a3=4b4 items=0 ppid=3738 pid=30444 auid=4294967295 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts29 ses=4294967295 comm="bash" exe="/bin/bash" key=(null) Fun fact: while testing this, I found both /usr/bin/man and /usr/bin/sudo changing umask. If you care about umask changing you might want to make this auditd rule permanent, of course addressing the 32/64 bit mismatch in 'real' use: -a always,exit -F arch=b64 -S umask -F key=umask -a always,exit -F arch=b32 -S umask -F key=umask Thanks -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-terminal in Ubuntu. https://bugs.launchpad.net/bugs/1685754 Title: gnome-terminal unduly forces umask=0022 Status in gnome-terminal package in Ubuntu: New Bug description: In order to set the default umask of my users to 027 or 007, I followed the instructions provided in 'man pam_umask' : In the 'gecos' field of '/etc/passwd', I have inserted 'umask=027' or 'umask=007' (for myself). Then, MOST graphical applications systematically run with the correct umask. In particular, when I press Alt-F2, run 'xterm sh' and type 'umask', it systematically displays 0007. But when I press Alt-F2, run 'gnome-terminal -e sh' and type 'umask', it systematically displays 0022. That is BAD, and is a security issue. Workaround : Inside the newly created '/etc/profile.d/umask.sh', and in each '~/.bashrc', add following content : UMASK="$(grep -o "^$USER:.*,umask=0[0-7]*" /etc/passwd)" if [ "$UMASK" ]; then umask "${UMASK#$USER:*,umask=}" fi In fact, 'gnome-terminal' MUST NOT force umask=022, but keep umask unchanged. Thank you in advance for a quick correction. ProblemType: Bug DistroRelease: Ubuntu 17.04 Package: gnome-terminal 3.20.2-1ubuntu8 ProcVersionSignature: Ubuntu 4.10.0-19.21-generic 4.10.8 Uname: Linux 4.10.0-19-generic x86_64 ApportVersion: 2.20.4-0ubuntu4 Architecture: amd64 CurrentDesktop: X-Cinnamon Date: Mon Apr 24 08:36:58 2017 InstallationDate: Installed on 2017-03-28 (26 days ago) InstallationMedia: Ubuntu-GNOME 17.04 "Zesty Zapus" - Beta amd64 (20170321) SourcePackage: gnome-terminal UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-terminal/+bug/1685754/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp