pam_umask - PAM module to set the file mode creation mask
[debug] [silent] [usergroups] [umask= mask]
pam_umask is a PAM module to set the file mode creation mask of the current
environment. The umask affects the default permissions assigned to newly
The PAM module tries to get the umask value from the following places in the
•umask= entry in the user's GECOS
•UMASK= entry from
•UMASK entry from /etc/login.defs
The GECOS field is split on comma ',' characters. The module also in addition to
the umask= entry recognizes pri= entry, which sets the nice priority value for
the session, and ulimit= entry, which sets the maximum size of files the
processes in the session can create.
Print debug information.
Don't print informative messages.
If the user is not root and the username is
the same as primary group name, the umask group bits are set to be the same as
owner bits (examples: 022 -> 002, 077 -> 007).
Sets the calling process's file mode creation
mask (umask) to mask & 0777. The value is interpreted as
Only the session
type is provided.
The new umask was set successfully.
No username was given.
User not known.
Add the following line to /etc/pam.d/login to set the user specific umask at
session optional pam_umask.so umask=0022
pam_umask was written by Thorsten Kukuk <firstname.lastname@example.org>.