From 38eb2c7b6f74eac684ce3cfc9b57c976e6f32bea Mon Sep 17 00:00:00 2001
From: Danielle McLean
Date: Mon, 17 Oct 2016 19:50:29 +1100
Subject: [PATCH] Smarter default umask, use 002 on systems that support UPG
---
 config/zsh/login/umask | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/config/zsh/login/umask b/config/zsh/login/umask
index e1d6eab..08f5365 100644
--- a/config/zsh/login/umask
+++ b/config/zsh/login/umask
@@ -1,2 +1,14 @@
 #! zsh
-(( $(umask) == 0 )) && umask 022
+# umask should *never* be zero. If it is, set it to something safer.
+if (( $(umask) == 0 )); then
+ # Test whether the system uses User Private Groups - if it does, my primary
+ # group will have the same name as my user. Basic info on UPG can be found
+ # here: https://security.ias.edu/how-and-why-user-private-groups-unix
+ if [[ $(id -un) = $(id -gn) ]]; then
+ # 002 is a safe umask if the system has UPG.
+ umask 002
+ else
+ # 022 is a safe umask if the system does not have UPG.
+ umask 022
+ fi
+fi
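Review bot: The inner test `if [[ $(id -un) = $(id -gn) ]]` only shows that the user and primary group share a name, not that the group is private. Root's primary group is commonly also named `root` even on systems without UPG, and a same-named group can have other members, so `umask 002` would leave new files writable by those members. Consider excluding root (and ideally system accounts) before choosing the looser mask, for example `if (( EUID != 0 )) && [[ $(id -un) = $(id -gn) ]]; then`. The comment above the test should also say the name match is a heuristic, e.g. `# Heuristic only: a matching name does not prove the group has no other members.`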