I have two systems, A and B. A is Ubuntu 16.04, and B is Ubuntu 20.04. Each has a utility user 'rufus' defined on it. 'rufus' has no login on either system.
I want to understand why 'rufus' has different default umask values between the two systems. On system A (16.04), I get
$ sudo -u rufus sh -c umask
0022
On system B (20.04), I get
$ sudo -u rufus sh -c umask
0002
Running umask for both my own user and for 'root' returns 0022, the expected default, on both systems. Whatever the difference is, it seems to relate to some property specific to 'rufus'.
Here are the things I've considered:
1) system users
Some Linux systems define different default umasks for system users than for regular users.
On system A (16.04), 'rufus' has
$ id rufus
uid=999(rufus) gid=999(rufus) groups=999(rufus)
On system B (20.04), 'rufus' has
$ id rufus
uid=114(rufus) gid=119(rufus) groups=119(rufus)
On both systems, /etc/login.defs has a default umask of 022 and the system user window commented out
UMASK 022
# System accounts
#SYS_UID_MIN 100
#SYS_UID_MAX 999
but /etc/adduser.conf has
FIRST_SYSTEM_UID=100
LAST_SYSTEM_UID=999
indicating that 'rufus' is a system user on both systems (that is, UID > 99 and UID < 1000). So it doesn't seem like this explains the difference in default umask.
2) Login scripts
A user's default umask can be set by login scripts, either global ones like /etc/profile or user-specific ones like ~/.profile. 'rufus' has no login, so these files shouldn't affect what umask returns, because they are never processed.
To be thorough, however, I double-checked the files
/etc/profile
/etc/bash.bashrc
~rufus/.profile
on both systems ('rufus' does have a home folder). None of them set a value for umask. So for a couple of reasons, it doesn't seem like this explains the difference in default umask.
3) /etc/passwd
A user's 'umask' can be set in /etc/passwd.
On System A (16.04):
rufus:x:999:999:,,,:/home/rufus:/usr/sbin/nologin
On System B (20.04):
rufus:x:114:119::/home/rufus:/usr/sbin/nologin
Neither of these set 'umask', so it doesn't seem like this explains the difference in default umask.
4) libpam-umask
I know very little of this, but I understand it can be used to set the umask value for a user. On both systems, libpam-umask is provided by the package libpam-modules. This package installed on both systems, but I have never used it or configured it. On both systems, the config files /etc/pam.d/common-session and /etc/pam.d/common-session-noninteractive have no umask setting on the line
session optional pam_umask.so
so unless there's somewhere else I need to look, this doesn't seem to explain the difference in default umask.
That's all I can think of. What else can explain the difference in what umask returns for 'rufus' between the two systems?
One question I'd like answered in particular is: When Ubuntu sets a default umask for all system users (UID 100-999), in what file is this set?. This seems to be yet another piece of Linux's signature "secret information".
I think I figured this out. In the
/etc/login.prefsin 20.04 the following is stated:This might honestly be a bug in 16.04 when running the command
sudo -u username sh -c umask. This is the only thing I can come up with. On my test systems I get the following output.16.04:
20.04:
As it appears they both support the exact same commands and have the exact same wording in the
/etc/login.prefs. But 16.04 appears to not read into the user correctly like it does in 20.04. It looks like a bug, but since 16.04 is now EOL they will not update for bugs anymore.Hope this helps!