How to change the default umask on an AL2 instance

I changed the umask from 022 to 077 in the following files. But the default umask remains 022 for every login: /etc/login.defs /etc/cs /etc/csh.cshrc /etc/bashrc /etc/profile /etc/profile.d/set-umask-for-all-users.sh /etc/rc.d/init.d/functions There are no umask entries n any of the files in the user's home directory.

Run bash -x to spawn a new shell with debug mode enabled, and don't be surprised if the output is hundreds of lines long. Somewhere in all this is the time(s) that the umask value is checked, and potentially changed.

It may be easier to go through this output as a file:

$ script /var/tmp/bash-x.out
$ bash -x
.
.
.
$ exit          <--- this exits the shell you just spawned
$ exit          <--- this exits from the "script" command
$

Now you can go through /var/tmp/bash-x.out looking for any instance of umask or UMASK

Seeing the output from bash -x is interesting but only thickened the plot. I can see the last time the umask is set, is in fact 077. And inside that shell it really is set to 077. Yet when connecting through the session manager it is 022. See snip below:

++ . /etc/profile.d/set-umask-for-all-users.sh
+++ umask 077
.
.
.
+ umask
0077
++ printf '\033]0;%s@%s:%s\007' '' ip-172-31-30-111 '~'
[ssm-user@ip-172-31-30-111 ~]$ exit
+ exit
exit
sh-4.2$ exit
exit
Script done, file is /var/tmp/bash-x.out
sh-4.2$ umask
0022

Now it's clear - Session Manager doesn't run bash https://repost.aws/knowledge-center/ssm-session-manager-change-shell

All the files that we're looking at at for setting the environment for a user who uses bash.

The steps to change Session Manager's login shell to bash are in that linked knowledge document, or you could just run bash from the command line to launch a new bash shell, or you could sudo su - ec2-user to become another user whose login shell is the bash shell.