From cbbcac2c45c79ede265d402a5fb3534b577952d8 Mon Sep 17 00:00:00 2001
From: Dorian Zedler <dorian@itsblue.de>
Date: Mon, 14 Mar 2022 14:28:36 +0100
Subject: [PATCH 1/2] Feat: Change umask of homedir to 077

---
 usr/share/linuxmuster-linuxclient7/templates/common-session | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/usr/share/linuxmuster-linuxclient7/templates/common-session b/usr/share/linuxmuster-linuxclient7/templates/common-session
index 970624b..be2ea0b 100644
--- a/usr/share/linuxmuster-linuxclient7/templates/common-session
+++ b/usr/share/linuxmuster-linuxclient7/templates/common-session
@@ -21,7 +21,7 @@ session	[default=1]	pam_permit.so
 session	requisite   pam_deny.so
 
 ## linuxmuster-linuxclient7: mount the homedir first using requisite
-session requisite   pam_mkhomedir.so  skel=@@userTemplateDir@@
+session requisite   pam_mkhomedir.so   umask=077 skel=@@userTemplateDir@@
 ## linuxmuster-linuxclient7: exec more scripts as root using requisite
 session requisite   pam_exec.so @@hookScriptLoginLogoutAsRoot@@
 

From 4687547fd7957212abefcd3996423d0a815c5009 Mon Sep 17 00:00:00 2001
From: Dorian Zedler <dorian@itsblue.de>
Date: Mon, 14 Mar 2022 14:34:20 +0100
Subject: [PATCH 2/2] Doc: Update comment

---
 usr/share/linuxmuster-linuxclient7/templates/common-session | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/usr/share/linuxmuster-linuxclient7/templates/common-session b/usr/share/linuxmuster-linuxclient7/templates/common-session
index be2ea0b..470e319 100644
--- a/usr/share/linuxmuster-linuxclient7/templates/common-session
+++ b/usr/share/linuxmuster-linuxclient7/templates/common-session
@@ -20,7 +20,7 @@ session	[default=1]	pam_permit.so
 # here's the fallback if no module succeeds
 session	requisite   pam_deny.so
 
-## linuxmuster-linuxclient7: mount the homedir first using requisite
+## linuxmuster-linuxclient7: create the userhomes for new users by copying the template
 session requisite   pam_mkhomedir.so   umask=077 skel=@@userTemplateDir@@
 ## linuxmuster-linuxclient7: exec more scripts as root using requisite
 session requisite   pam_exec.so @@hookScriptLoginLogoutAsRoot@@