diff --git a/SOURCES/shadow-utils.login.defs b/SOURCES/shadow-utils.login.defs
index 0adfb66..12d516c 100644
--- a/SOURCES/shadow-utils.login.defs
+++ b/SOURCES/shadow-utils.login.defs
@@ -15,6 +15,20 @@
MAIL_DIR /var/spool/mail
#MAIL_FILE .mail
+# Default initial "umask" value used by login(1) on non-PAM enabled systems.
+# Default "umask" value for pam_umask(8) on PAM enabled systems.
+# UMASK is also used by useradd(8) and newusers(8) to set the mode for new
+# home directories if HOME_MODE is not set.
+# 022 is the default value, but 027, or even 077, could be considered
+# for increased privacy. There is no One True Answer here: each sysadmin
+# must make up their mind.
+UMASK 022
+
+# HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
+# home directories.
+# If HOME_MODE is not set, the value of UMASK is used to create the mode.
+HOME_MODE 0700
+
# Password aging controls:
#
# PASS_MAX_DAYS Maximum number of days a password may be used.
@@ -59,10 +73,6 @@ SYS_GID_MAX 999
#
CREATE_HOME yes
-# The permission mask is initialized to this value. If not specified,
-# the permission mask will be initialized to 022.
-UMASK 077
-
# This enables userdel to remove user groups if no members exist.
#
USERGROUPS_ENAB yes
diff --git a/SPECS/shadow-utils.spec b/SPECS/shadow-utils.spec
index 24e0573..81dfeef 100644
--- a/SPECS/shadow-utils.spec
+++ b/SPECS/shadow-utils.spec
@@ -1,7 +1,7 @@
Summary: Utilities for managing accounts and shadow password files
Name: shadow-utils
Version: 4.6
-Release: 10%{?dist}
+Release: 11%{?dist}
Epoch: 2
URL: http://pkg-shadow.alioth.debian.org/
Source0: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz
@@ -259,6 +259,9 @@ done
%{_mandir}/man8/vigr.8*
%changelog
+* Fri Aug 7 2020 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.6-11
+- change UMASK value and add HOME_MODE in login.defs (#1777718)
+
* Tue May 5 2020 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.6-10
- check only local groups when adding new supplementary groups to a user