Yes it is confusing because it will not be the umask on NEW user but ALL user because of the change was done in /etc/login.defs.

reassigning to yast2 maintainers.

Please attach YaST logs.
It's actually helpful to attach them to (almost) every bugreport
for YaST.                                                       

See http://en.opensuse.org/Bugs/YaST

The UMASK value set in YaST is saved to /etc/login.defs.

I assume the described behavior is correct, based on the value present in this file.

/etc/login.defs is, to my knowledge, only read by useradd and pam_umask.
pam_umask is not configured by default.

So YaST2 is doing everything correct.

Maybe pam_umask was enabled on that system? Else somebody else is reading that config file, who shouldn't do that.

Are you guys not able to reproduce this?

I just reproduced it on a different 11.2 x86_64 machine. The machine has all updates as of last week installed.

Enter yast->users->defaults for new user.
Set umask.
Log out, all the way, or reboot.
Log in.
User has this umask.
su -
root has this umask.

> pam-config -q --umask
session:


This is probably the default for 11.3: I did not change anything and can reproduce the behavoir.


Does this mean that the behavior is correct?

/etc/login.defs is the very, very last fallback for pam_umask. So if you don't configure it anywhere else, yes, the behavior is correct.

YaST really only writes /etc/login.defs. 

So when current setting for pam_umask is correct, the bug is invalid.

too avoid further confusion, we will move UMASK from /etc/login.defs to /etc/default/useradd, so that it is clear that only useradd is and can use this value.

Done in yast2-users-2.19.14

This is an autogenerated message for OBS integration:
This bug (606249) was mentioned in
https://build.opensuse.org/request/show/40422 Factory / pwdutils
https://build.opensuse.org/request/show/40571 Factory / yast2-users