I need users with their own usergroups to start with umask 002 instead of 022 regardless of their shell (bash, zsh, fish, nushell, etc…). If they further override it in their init files, that’s OK but they must start with 002.
That’s exactly what pam_umask should do. It suggests I should add
session optional pam_umask.so usergroups
to /etc/pam.d/login but I can’t figure out how to do that without replacing its already existing content in NixOS.
Can somebody advise me? Thanks