From acca8c0c97d57e1e18411ef8988caaf86de1272c Mon Sep 17 00:00:00 2001
From: Martin Osvald <mosvald@redhat.com>
Date: Thu, 24 Nov 2022 15:10:55 +0100
Subject: [PATCH] Set default umask for non-login shell only if it is set to 0

Resolves: #2062601
---
 dont-set-hardcoded-umask.patch | 43 ++++++++++++++++++++++++++++++++++
 setup.spec                     |  6 ++++-
 2 files changed, 48 insertions(+), 1 deletion(-)
 create mode 100644 dont-set-hardcoded-umask.patch

diff --git a/dont-set-hardcoded-umask.patch b/dont-set-hardcoded-umask.patch
new file mode 100644
index 0000000..9cf9a8c
--- /dev/null
+++ b/dont-set-hardcoded-umask.patch
@@ -0,0 +1,43 @@
+diff --git a/bashrc b/bashrc
+index d462ac7..b0740cb 100644
+--- a/bashrc
++++ b/bashrc
+@@ -65,15 +65,8 @@ if [ -z "$BASHRCSOURCED" ]; then
+         esac
+     }
+ 
+-    # By default, we want umask to get set. This sets it for non-login shell.
+-    # Current threshold for system reserved uid/gids is 200
+-    # You could check uidgid reservation validity in
+-    # /usr/share/doc/setup-*/uidgid file
+-    if [ $UID -gt 199 ] && [ "`/usr/bin/id -gn`" = "`/usr/bin/id -un`" ]; then
+-       umask 002
+-    else
+-       umask 022
+-    fi
++    # Set default umask for non-login shell only if it is set to 0
++    [ `umask` -eq 0 ] && umask 022
+ 
+     SHELL=/bin/bash
+     # Only display echos from profile.d scripts if we are no login shell
+diff --git a/csh.cshrc b/csh.cshrc
+index eda4aa7..8f169a1 100644
+--- a/csh.cshrc
++++ b/csh.cshrc
+@@ -2,14 +2,8 @@
+ #
+ # csh configuration for all shell invocations.
+ 
+-# By default, we want this to get set.
+-# Even for non-interactive, non-login shells.
+-# Current threshold for system reserved uid/gids is 200
+-# You could check uidgid reservation validity in
+-# /usr/share/doc/setup-*/uidgid file
+-if ($uid > 199 && "`/usr/bin/id -gn`" == "`/usr/bin/id -un`") then
+-    umask 002
+-else
++# Set default umask for non-login shell only if it is set to 0
++if ( `umask` == 0 ) then
+     umask 022
+ endif
+ 
diff --git a/setup.spec b/setup.spec
index 6487b8a..a06dac7 100644
--- a/setup.spec
+++ b/setup.spec
@@ -1,7 +1,7 @@
 Summary: A set of system configuration and setup files
 Name: setup
 Version: 2.13.7
-Release: 7%{?dist}
+Release: 8%{?dist}
 License: Public Domain
 Group: System Environment/Base
 URL: https://pagure.io/setup/
@@ -18,6 +18,7 @@ Conflicts: initscripts < 4.26, bash <= 2.0.4-21
 Patch0:    setup-hostname.patch
 Patch1:    csh.login-unset-p.patch
 Patch2:    bashrc-remove-VTE-specific-PROMPT_COMMAND.patch
+Patch3:    dont-set-hardcoded-umask.patch
 
 %description
 The setup package contains a set of important system configuration and
@@ -117,6 +118,9 @@ end
 %{_tmpfilesdir}/%{name}.conf
 
 %changelog
+* Thu Nov 24 2022 Martin Osvald <mosvald@redhat.com> - 2.13.7-8
+- Set default umask for non-login shell only if it is set to 0 (#2062601)
+
 * Mon May 09 2022 Martin Osvald <mosvald@redhat.com> - 2.13.7-7
 - Move /var/log/lastlog ownership to systemd (#2066753)
 - tcsh sets variable p to /usr/sbin from /etc/csh.login (#2066767)