In the specfile changelog you link, 217523 – umask 022 breaks User Private Groups is a report saying that “umask 022 for all breaks UPG configuration”.
“UPG”, or “User Private Groups” is a scheme that Red Hat Linux-based systems (like RHEL and Fedora Linux) follow, where each user account also gets a group account of the same name. Like, my username is mattdm and my primary group is also mattdm. Some other distros instead put all users in a users group. With this scheme, it’s safe to leave most files read/write by the group, because you’re the only one in it, and you can do this trick:
$ sudo mkdir /srv/teamshare
mattdm wheel myteam
$ sudo chgrp myteam /srv/teamshare
$ sudo chmod g+ws /srv/teamshare
$ ls -ld /srv/teamshare
drwxrwsr-x. 1 root myteam 0 Nov 25 12:57 /srv/teamshare
$ touch /srv/teamshare/sharedfile
$ ls -l /srv/teamshare/sharedfile
-rw-rw-r--. 1 mattdm myteam 0 Nov 25 12:58 /srv/teamshare/sharedfile
sharedfile in that directory can be edited by anyone in the group myteam — and this will be the automatic default permissions of any files created there. For example, if you were on the team, and made a file, it’d end up group-writable and owned by
That’s pretty nifty and was a useful feature in shared-login systems in the 1990s and 2000-aughts. We generally don’t share systems in that way anymore, so arguably less important and we should just go for the more-restrictive default for all. However, because we still do user-private groups, there’s functionally not a difference in most cases anyway (hence “without gaining additional security” in that ancient bug report).
Also I notice a different bug that’s buried here. That $UID -gt 199 bit is based on the idea that user-account IDs start at 200. But if you look in /etc/login.defs, you’ll see that that’s actually 1000 — and that change is so long ago I don’t remember when.
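Added example, not part of the original post and not the distribution's own profile script: a sketch of the umask decision discussed above that reads the first regular-user UID from a login.defs-style file instead of hardcoding 199, then shows the mode a new file gets under the chosen umask. The function names, the constructed sample file, and the fallback of 1000 when UID_MIN is absent are assumptions.

```shell
#!/bin/sh
# Added example: pick a umask for the User Private Groups scheme, taking the
# regular-user UID threshold from login.defs rather than a hardcoded 199.

# Print UID_MIN from a login.defs-style file.
# Assumption: fall back to 1000 when the key is absent or commented out.
uid_min() {
    awk '$1 == "UID_MIN" { v = $2 } END { print (v == "" ? 1000 : v) }' "$1"
}

# upg_umask UID USERNAME PRIMARY_GROUP LOGIN_DEFS   (hypothetical helper)
# 002 only for a regular user whose primary group is their own private group;
# everyone else (system accounts, users in a shared group) gets 022.
upg_umask() {
    min=$(uid_min "$4")
    if [ "$1" -ge "$min" ] && [ "$2" = "$3" ]; then
        echo 002
    else
        echo 022
    fi
}

# Print the permission string of a file freshly created under a given umask.
mode_under_umask() {
    d=$(mktemp -d) || return 1
    ( umask "$1"; : > "$d/f" )      # subshell keeps the caller's umask intact
    ls -l "$d/f" | cut -c1-10
    rm -rf "$d"
}

# Constructed sample standing in for /etc/login.defs.
defs=$(mktemp)
printf '%s\n' '# constructed sample' '#UID_MIN 200' \
    'UID_MIN                  1000' 'UID_MAX                 60000' > "$defs"

# Constructed accounts: "uid username primary-group".
for c in "1000 mattdm mattdm" "1000 mattdm users" "500 svc svc" "0 root root"; do
    set -- $c
    m=$(upg_umask "$1" "$2" "$3" "$defs")
    echo "uid=$1 user=$2 group=$3 -> umask $m, new file $(mode_under_umask "$m")"
done
```

The uid=500 case is the one the hardcoded threshold gets wrong: it passes a `-gt 199` test but falls below the UID_MIN of 1000 in the sample file.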