With a fresh ssh login:

$ umask
0007

But:

$ find . -maxdepth 1 -name '.*' -type f | xargs grep 007 | less
$ 

# grep 007 /etc/profile
#
# grep -i umask /etc/login.defs
#       UMASK           Default "umask" value.
# UMASK is the default umask value for pam_umask and is used by
# 022 is the "historical" value in Debian for UMASK
UMASK           027
# Other former uses of this variable such as setting the umask when
# grep -i umask /etc/pam.d/common-session
session optional pam_umask.so usergroups

WTF? Debian invents an arbitrary umask?? And there is no other source in /etc that matches 007!

System uses LDAP (nslcd, pam_ldap) for authentication.

More info: It happens only for one user. Not for root or a different user. As soon as I 'su' to the one user I again get 007.

As root:

# strace -f -o basz.log su baduser

Something is setting this umask but I don't know what:

[...]
2622  open("/etc/group", O_RDONLY|O_CLOEXEC) = 4
2622  _llseek(4, 0, [0], SEEK_CUR)      = 0
2622  fstat64(4, {st_mode=S_IFREG|0644, st_size=1719, ...}) = 0
2622  mmap2(NULL, 1719, PROT_READ, MAP_SHARED, 4, 0) = 0xb7786000
2622  _llseek(4, 1719, [1719], SEEK_SET) = 0
2622  fstat64(4, {st_mode=S_IFREG|0644, st_size=1719, ...}) = 0
2622  munmap(0xb7786000, 1719)          = 0
2622  close(4)                          = 0
2622  socket(PF_FILE, SOCK_STREAM, 0)   = 4
2622  connect(4, {sa_family=AF_FILE, path="/var/run/nslcd/socket"}, 23) = 0
2622  gettimeofday({1404702848, 321946}, NULL) = 0
2622  gettimeofday({1404702848, 322029}, NULL) = 0
2622  poll([{fd=4, events=POLLOUT}], 1, 10000) = 1 ([{fd=4, revents=POLLOUT}])
2622  send(4, "\1\0\0\0\212\23\0\0\361\3\0\0", 12, MSG_NOSIGNAL) = 12
2622  gettimeofday({1404702848, 322363}, NULL) = 0
2622  gettimeofday({1404702848, 322464}, NULL) = 0
2622  poll([{fd=4, events=POLLIN}], 1, 60000) = 1 ([{fd=4, revents=POLLIN|POLLHUP}])
2622  read(4, "\1\0\0\0\212\23\0\0\0\0\0\0\4\0\0\0baduser\1\0\0\0*\361\3\0\0\2\0\0"..., 1024) = 57
2622  gettimeofday({1404702848, 323811}, NULL) = 0
2622  gettimeofday({1404702848, 323898}, NULL) = 0
2622  gettimeofday({1404702848, 323983}, NULL) = 0
2622  gettimeofday({1404702848, 324067}, NULL) = 0
2622  gettimeofday({1404702848, 324170}, NULL) = 0
2622  gettimeofday({1404702848, 324256}, NULL) = 0
2622  gettimeofday({1404702848, 324340}, NULL) = 0
2622  gettimeofday({1404702848, 324434}, NULL) = 0
2622  gettimeofday({1404702848, 324518}, NULL) = 0
2622  gettimeofday({1404702848, 324602}, NULL) = 0
2622  gettimeofday({1404702848, 324686}, NULL) = 0
2622  gettimeofday({1404702848, 324772}, NULL) = 0
2622  poll([{fd=4, events=POLLIN}], 1, 0) = 1 ([{fd=4, revents=POLLIN|POLLHUP}])
2622  read(4, "", 1024)                 = 0
2622  gettimeofday({1404702848, 325036}, NULL) = 0
2622  close(4)                          = 0
2622  umask(0777)                       = 027
2622  umask(07)                         = 0777
[...]

More info:

  • If I write "umask 0027" in /etc/profile it works as well!
  • If I remove the home directory and recreate it, problem persists
  • Do you have a umask set in your .bashrc or .bash_profile etc?
    – Paul
    Commented Jul 7, 2014 at 2:28
  • No, that's what I wanted to show with my commands (find . -maxdepth 1 -name '.*' -type f | xargs grep 007 gives no results as can be seen)
    – divB
    Commented Jul 7, 2014 at 2:34
  • And I can also change it to "find ~ -maxdepth 1 -name '.*' -type f | xargs grep umask" -> no results; I can also run "find /etc -name '*' -type f | xargs grep -i umask" -> no possible matches, particularly not 007 ...
    – divB
    Commented Jul 7, 2014 at 2:38
  • I meant in your home directory, which wouldn't show from any of those reports - unless you are running from home? The results suggest you are running everything from /etc
    – Paul
    Commented Jul 7, 2014 at 2:55
  • Yeah, sorry, that was unclear. But as mentioned in my comment above, I ran it from my home dir. Furthermore, 007 is an especially weird, non-default umask. Really, really strange where this can come from :/
    – divB
    Commented Jul 7, 2014 at 3:04

1 Answer

The answer is:

man pam_umask
usergroups
    If the user is not root, and the user ID is equal to the group ID, and the
    username is the same as primary group name, the umask group bits are set to
    be the same as owner bits (examples: 022 -> 002, 077 -> 007). 

Man ...
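The rule quoted from the man page, modelled as a small shell function so the result for any base UMASK and account can be checked. This is an added example, not part of the original answer and not pam_umask's own code; the function names `usergroups_umask` and `explain_user` and the sample UID/GID 1009 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: model of the pam_umask "usergroups" rule as worded in
# the man page excerpt above. Function names are hypothetical.

# usergroups_umask BASE UID GID USER GROUP -> prints the resulting umask.
# BASE is an octal umask such as 027 (the UMASK value in /etc/login.defs).
usergroups_umask() {
    base=$((0$1)) uid=$2 gid=$3 user=$4 group=$5
    # The rule applies only when all three conditions hold:
    # not root, UID equals GID, user name equals primary group name.
    if [ "$uid" -ne 0 ] && [ "$uid" -eq "$gid" ] && [ "$user" = "$group" ]; then
        # Replace the group bits (0070) with a copy of the owner bits (0700).
        base=$(( (base & ~0070) | ((base >> 3) & 0070) ))
    fi
    printf '%04o\n' "$base"
}

# explain_user USER BASE -> umask that USER would get from base value BASE.
# Account data comes from id, which resolves through NSS, so LDAP-backed
# users (as on the system in the question) are covered as well.
explain_user() {
    usergroups_umask "$2" "$(id -u "$1")" "$(id -g "$1")" \
        "$(id -un "$1")" "$(id -gn "$1")"
}

# Constructed sample: UID and GID 1009, user and group both named
# "baduser", base UMASK 027 as in the question's login.defs.
usergroups_umask 027 1009 1009 baduser baduser   # prints 0007
```

To check a real account, run `explain_user "$(id -un)" 027`. A group-writable umask is only as private as the group itself, so it is also worth confirming with `getent group` that the same-named group has no other members.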
