autofs: Add more strict umask to users

roles/autofs/files/umask.csh

@@ -0,0 +1,3 @@
+if ($uid > 999 && "`/usr/bin/id -gn`" == "`/usr/bin/id -un`") then
+    umask 007
+endif

roles/autofs/files/umask.sh

@@ -0,0 +1,5 @@
+# shellcheck shell=sh
+if [ "$(id -u)" -gt 999 ] && [ "$(id -gn)" = "$(id -un)" ]; then
+    umask 007
+fi
+

roles/autofs/tasks/main.yml

@@ -80,3 +80,14 @@
   with_items:
     - usercache.sh
     - usercache.csh
+
+- name: Set umask for users
+  ansible.builtin.copy:
+    dest: "/etc/profile.d/{{ item }}"
+    src: "{{ item }}"
+    mode: "0644"
+    owner: root
+    group: "{{ ansible_wheel }}"
+  with_items:
+    - umask.sh
+    - umask.csh