> Filing a bug against login... (shadow maintainer hat on) bugger...:-) I was reading this thread and just told to self : dude, this will end up in a BR against shadow/login....:-) So, to summarize, the rationale here is : don't set umask in the default login.defs and leave this to shells and/or pam_umask. Right? I have to keep some kind of explanation for the default login.defs file, this is why I prefer asking immediately...:-)