From 91d6625115e929e16a703ab51fb19f07ea2bd4a5 Mon Sep 17 00:00:00 2001
From: Robert Kaussow <mail@thegeeklab.de>
Date: Sun, 18 Sep 2022 22:05:16 +0200
Subject: [PATCH] set umask in login.defs aswell

---
 tasks/bash.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/tasks/bash.yml b/tasks/bash.yml
index 1c2346f..ebe4f37 100644
--- a/tasks/bash.yml
+++ b/tasks/bash.yml
@@ -27,6 +27,14 @@
         - /etc/csh.cshrc
         - /etc/profile
 
+    - name: Set umask in /etc/login.defs
+      lineinfile:
+        path: /etc/login.defs
+        regexp: '^(?P<umask>UMASK\s+).+'
+        line: \g<umask>{{ users_global_umask }}
+        backrefs: yes
+        state: present
+
     - name: Enforce minimum password lifetime
       lineinfile:
         path: /etc/login.defs