De onde o Debian pega o umask padrão?

Com um novo login no ssh:

$ umask
0007

Mas:

$ find . -maxdepth 1 -name '.*' -type f | xargs grep 007 | less
$ 

# grep 007 /etc/profile
#
# grep -i umask /etc/login.defs
#       UMASK           Default "umask" value.
# UMASK is the default umask value for pam_umask and is used by
# 022 is the "historical" value in Debian for UMASK
UMASK           027
# Other former uses of this variable such as setting the umask when
# grep -i umask /etc/pam.d/common-session
session optional pam_umask.so usergroups

WTF? Debian inventa umask arbitrária ?? E não há outra fonte em / etc que corresponda a 007!

O sistema usa LDAP (nscld, pam_ldap) para autenticação

Mais informações: isso acontece apenas para um usuário. Não é para root ou um usuário diferente. Assim que eu 'su' para o usuário eu recebo novamente 007.

Como root:

# strace -f -o basz.log su baduser

Algo está configurando essa umask, mas não sei o que:

[...]
2622  open("/etc/group", O_RDONLY|O_CLOEXEC) = 4
2622  _llseek(4, 0, [0], SEEK_CUR)      = 0
2622  fstat64(4, {st_mode=S_IFREG|0644, st_size=1719, ...}) = 0
2622  mmap2(NULL, 1719, PROT_READ, MAP_SHARED, 4, 0) = 0xb7786000
2622  _llseek(4, 1719, [1719], SEEK_SET) = 0
2622  fstat64(4, {st_mode=S_IFREG|0644, st_size=1719, ...}) = 0
2622  munmap(0xb7786000, 1719)          = 0
2622  close(4)                          = 0
2622  socket(PF_FILE, SOCK_STREAM, 0)   = 4
2622  connect(4, {sa_family=AF_FILE, path="/var/run/nslcd/socket"}, 23) = 0
2622  gettimeofday({1404702848, 321946}, NULL) = 0
2622  gettimeofday({1404702848, 322029}, NULL) = 0
2622  poll([{fd=4, events=POLLOUT}], 1, 10000) = 1 ([{fd=4, revents=POLLOUT}])
2622  send(4, "
$ umask
0007
$ find . -maxdepth 1 -name '.*' -type f | xargs grep 007 | less
$ 

# grep 007 /etc/profile
#
# grep -i umask /etc/login.defs
#       UMASK           Default "umask" value.
# UMASK is the default umask value for pam_umask and is used by
# 022 is the "historical" value in Debian for UMASK
UMASK           027
# Other former uses of this variable such as setting the umask when
# grep -i umask /etc/pam.d/common-session
session optional pam_umask.so usergroups
# strace -f -o basz.log su baduser
2
[...]
2622  open("/etc/group", O_RDONLY|O_CLOEXEC) = 4
2622  _llseek(4, 0, [0], SEEK_CUR)      = 0
2622  fstat64(4, {st_mode=S_IFREG|0644, st_size=1719, ...}) = 0
2622  mmap2(NULL, 1719, PROT_READ, MAP_SHARED, 4, 0) = 0xb7786000
2622  _llseek(4, 1719, [1719], SEEK_SET) = 0
2622  fstat64(4, {st_mode=S_IFREG|0644, st_size=1719, ...}) = 0
2622  munmap(0xb7786000, 1719)          = 0
2622  close(4)                          = 0
2622  socket(PF_FILE, SOCK_STREAM, 0)   = 4
2622  connect(4, {sa_family=AF_FILE, path="/var/run/nslcd/socket"}, 23) = 0
2622  gettimeofday({1404702848, 321946}, NULL) = 0
2622  gettimeofday({1404702848, 322029}, NULL) = 0
2622  poll([{fd=4, events=POLLOUT}], 1, 10000) = 1 ([{fd=4, revents=POLLOUT}])
2622  send(4, "%pre%%pre%%pre%2%pre%%pre%1%pre%%pre%", 12, MSG_NOSIGNAL) = 12
2622  gettimeofday({1404702848, 322363}, NULL) = 0
2622  gettimeofday({1404702848, 322464}, NULL) = 0
2622  poll([{fd=4, events=POLLIN}], 1, 60000) = 1 ([{fd=4, revents=POLLIN|POLLHUP}])
2622  read(4, "%pre%%pre%%pre%2%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%baduser%pre%%pre%%pre%*1%pre%%pre%%pre%%pre%"..., 1024) = 57
2622  gettimeofday({1404702848, 323811}, NULL) = 0
2622  gettimeofday({1404702848, 323898}, NULL) = 0
2622  gettimeofday({1404702848, 323983}, NULL) = 0
2622  gettimeofday({1404702848, 324067}, NULL) = 0
2622  gettimeofday({1404702848, 324170}, NULL) = 0
2622  gettimeofday({1404702848, 324256}, NULL) = 0
2622  gettimeofday({1404702848, 324340}, NULL) = 0
2622  gettimeofday({1404702848, 324434}, NULL) = 0
2622  gettimeofday({1404702848, 324518}, NULL) = 0
2622  gettimeofday({1404702848, 324602}, NULL) = 0
2622  gettimeofday({1404702848, 324686}, NULL) = 0
2622  gettimeofday({1404702848, 324772}, NULL) = 0
2622  poll([{fd=4, events=POLLIN}], 1, 0) = 1 ([{fd=4, revents=POLLIN|POLLHUP}])
2622  read(4, "", 1024)                 = 0
2622  gettimeofday({1404702848, 325036}, NULL) = 0
2622  close(4)                          = 0
2622  umask(0777)                       = 027
2622  umask(07)                         = 0777
[...]
%pre%1%pre%%pre%", 12, MSG_NOSIGNAL) = 12
2622  gettimeofday({1404702848, 322363}, NULL) = 0
2622  gettimeofday({1404702848, 322464}, NULL) = 0
2622  poll([{fd=4, events=POLLIN}], 1, 60000) = 1 ([{fd=4, revents=POLLIN|POLLHUP}])
2622  read(4, "%pre%%pre%%pre%2%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%%pre%baduser%pre%%pre%%pre%*1%pre%%pre%%pre%%pre%"..., 1024) = 57
2622  gettimeofday({1404702848, 323811}, NULL) = 0
2622  gettimeofday({1404702848, 323898}, NULL) = 0
2622  gettimeofday({1404702848, 323983}, NULL) = 0
2622  gettimeofday({1404702848, 324067}, NULL) = 0
2622  gettimeofday({1404702848, 324170}, NULL) = 0
2622  gettimeofday({1404702848, 324256}, NULL) = 0
2622  gettimeofday({1404702848, 324340}, NULL) = 0
2622  gettimeofday({1404702848, 324434}, NULL) = 0
2622  gettimeofday({1404702848, 324518}, NULL) = 0
2622  gettimeofday({1404702848, 324602}, NULL) = 0
2622  gettimeofday({1404702848, 324686}, NULL) = 0
2622  gettimeofday({1404702848, 324772}, NULL) = 0
2622  poll([{fd=4, events=POLLIN}], 1, 0) = 1 ([{fd=4, revents=POLLIN|POLLHUP}])
2622  read(4, "", 1024)                 = 0
2622  gettimeofday({1404702848, 325036}, NULL) = 0
2622  close(4)                          = 0
2622  umask(0777)                       = 027
2622  umask(07)                         = 0777
[...]

Mais informações:

• Se eu escrever "umask 0027" no / etc / profile, ele também funciona!
• Se eu remover o diretório inicial e recriá-lo, o problema persistirá