Improve ansible remediation of accounts_umask_etc_login_defs.

linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/ansible/shared.yml

@@ -5,16 +5,35 @@
 # disruption = low
 {{{ ansible_instantiate_variables("var_accounts_user_umask") }}}
 
-- name: Ensure the Default UMASK is Set Correctly
-  replace:
+- name: Check if UMASK is already set
+  ansible.builtin.lineinfile:
     path: /etc/login.defs
-    regexp: "^UMASK"
-    replace: "UMASK {{ var_accounts_user_umask }}"
-  register: umask_replace
+    regexp: ^(?!#)(\s*)UMASK\s+.*
+    state: absent
+  check_mode: yes
+  changed_when: false
+  register: result_umask_is_set
+
+- name: Check if UMASK is already correctly set
+  ansible.builtin.lineinfile:
+    path: /etc/login.defs
+    regexp: '^(?!#)(\s*)UMASK\s+{{ var_accounts_user_umask }}\s*$'
+    state: absent
+  check_mode: yes
+  changed_when: false
+  when: result_umask_is_set.found == 1
+  register: result_umask_is_correctly_set
+
+- name: Replace user UMASK in /etc/login.defs
+  ansible.builtin.replace:
+    path: /etc/login.defs
+    regexp: ^(?!#)(\s*)UMASK(\s+).*
+    replace: '\g<1>UMASK\g<2>{{ var_accounts_user_umask }}'
+  when: result_umask_is_correctly_set is defined and result_umask_is_correctly_set.found == 0
 
 - name: Ensure the Default UMASK is Appended Correctly
   lineinfile:
     create: yes
     path: /etc/login.defs
     line: "UMASK {{ var_accounts_user_umask }}"
-  when: umask_replace is not changed
+  when: result_umask_is_set.found == 0