From 7828de33479a400fbbe9d4fd0df93d642bb91f81 Mon Sep 17 00:00:00 2001
From: "Andreas B. Mundt" <andreas.mundt@steinbeisschule-reutlingen.de>
Date: Sat, 5 Dec 2020 11:07:43 +0100
Subject: [PATCH] mkhome must happen before creating the mount point. More
 privacy.

---
 roles/fvs-client-mkhome/tasks/main.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/roles/fvs-client-mkhome/tasks/main.yml b/roles/fvs-client-mkhome/tasks/main.yml
index c90be6a..5f5eb23 100644
--- a/roles/fvs-client-mkhome/tasks/main.yml
+++ b/roles/fvs-client-mkhome/tasks/main.yml
@@ -37,8 +37,8 @@
 - name: enable pam_mkhomedir.so
   lineinfile:
     dest: /etc/pam.d/common-session
-    line: "session	optional			pam_mkhomedir.so"
-    insertafter: "# end of pam-auth-update config"
+    line: "session	optional	pam_mkhomedir.so  umask=0027"
+    insertbefore: "session	optional	pam_mount.so"
 
 - name: configure pam_mount
   blockinfile: