Problem Description:
On Ubuntu 26.04, sudo -u <user> no longer applies the target user’s default umask (usually 0002) but instead uses sudo’s own default umask (0022). On Ubuntu 24.04, the same command did apply the target user’s umask, so processes launched through sudo inherited 0002. As a result, any sudo‑spawned process that creates files or directories on 26.04 now produces group‑unwritable paths unless you explicitly override or set umask.
Basically: If you launch a binary as user A, which is meant to create files for a group of users (A, B, C, and so on), the created folders and files no longer are writeable on 26.04 whereas on 24.04 they would be.
Commands to test:
Create user:
sudo useradd testuser
Check umask result:
sudo -u testuser sh -c 'umask'
Results:
26.04: 0022
24.04: 0002
What I’ve tried, what I’m looking for:
I didn’t see this behaviour being mentioned or documented anywhere. Since it took me some time to figure out what was happening (binaries, launched by sudo -u, all of a sudden created folders and files not being group‑writable), I wanted to a) highlight the change and b) perhaps hear from you folks if you can reproduce it.
The fix, if needed:
Enforce a particular umask setting as needed. For already affected files and folders: Change permissions as needed.
I am certainly no expert but this point might be relevant:
Sudo-rs always uses PAM for authentication, so your system must be set up for PAM. Sudo-rs will use the sudo and sudo-i service configuration. This also means that resource limits, umasks, etc have to be configured via PAM and not through the sudoers file.
Wow, you dug much deeper than I did and actually returned something which I think applies here.
That’s good stuff and much appreciated.
I’ll have to check how this then affects my setup as I initially planned to simply edit the sudoers file or use an extended launch command for the binary in question.
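The fix from the first post (enforce a umask, then repair paths that were already created) combined with the "extended launch command" idea from the last reply, as an added example that is not part of the thread. The function names and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: helper names and the demo tree are constructed, not from the thread.

# Run a command with an explicit umask, independent of what sudo or PAM applied.
# Same idea as a launch command of the form:
#   sudo -u <user> sh -c 'umask 0002; exec <binary>'
run_with_umask() {
    mask=$1; shift
    ( umask "$mask" && exec "$@" )
}

# List regular files and directories under DIR that lack the group-write bit.
# Symlinks are neither followed nor reported.
list_group_unwritable() {
    find "$1" \( -type f -o -type d \) ! -perm -020 -print
}

# Add group write to exactly those entries; other mode bits stay untouched.
repair_group_write() {
    find "$1" \( -type f -o -type d \) ! -perm -020 -exec chmod g+w {} +
}

# Demo: create paths under 0022 (the 26.04 result) and 0002 (the 24.04 result),
# show which ones a group member could not write to, then repair them.
demo() {
    root=$(mktemp -d) || return 1
    mkdir "$root/share" && chmod 775 "$root/share"
    run_with_umask 0022 sh -c 'mkdir "$1/old" && : > "$1/old/data"' sh "$root/share"
    run_with_umask 0002 sh -c 'mkdir "$1/new" && : > "$1/new/data"' sh "$root/share"
    echo "group-unwritable before repair:"
    list_group_unwritable "$root/share"
    repair_group_write "$root/share"
    echo "left after repair: $(list_group_unwritable "$root/share" | wc -l)"
    rm -rf "$root"
}
demo
```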