F38, Linux 6.4.9-200.fc38.x86_64, Wayland, Gnome 44.3
Though applies to all earlier versions going back to at least F33
Currently all applications run from the gnome menus (emacs, firefox, etc.) have a umask of 022 thus making all user files world readable, and the user is given no choice about this, because the umask in .profile, .bashrc, login are ignored.
(Fedora Linux permissions for created home directories prevent users from looking at each others files at the /home level. This prevents users from sharing files which might or might not be a good thing. Other Linux versions do not do this. Also, sometimes home is mounted from another volume.)
In Parot Linux they are using lightDM, and it reads the umask from .profile. I tried that but it does not work for F38/Wayland/Gnome.
On Fedora since F33, to set a different umask I add:
session optional pam_umask.so
to /etc/pam.d/login and to /etc/pam.d/systemd-user. Then I set the UMASK in login.defs. I have to create the file /etc/pam.d/systemd-user as it is not there on a fresh install.
Of course a user can not do that, so users get the default umask I set, which is not so permissive. This is not so bad, as chmod can be used if the user wants a file to be world readable, etc.
Is there an easier/better way to set the default umask for gnome sessions on F38?
Additional note, adding the ‘session optional pam umask.so’ line to the two files mentinoed above caused the audio devices to disappear (perhaps only from virtual machines), so not only is it lengthy, it breaks things. Gregory’s solution checked below, works without affecting audio devices.