$GDM_USER has no access to $XDG_DATA after manually changing location of $XDG_DATA

I have a small office with 5 desktops and a server, all of them running on Debian. I have just upgraded the clients to Stretch and see only 1 error in the journal that bothers me: > gnome-settings-: failed to create profile from EDID data: failed to save ICC file: Error opening file ‘/var/data/users/Debian-gdm/icc/edid-93ed9b01fe8febb07668e99b557191e9.icc’: Access denied gnome-settings-: failed to create profile from EDID data: failed to save ICC file: Error opening file ‘/var/data/users/Debian-gdm/icc/edid-93ed9b01fe8febb07668e99b557191e9.icc’: Access denied gnome-settings-: failed to set screen _ICC_PROFILE: Opening file ‘/var/data/users/vincent/icc/edid-93ed9b01fe8febb07668e99b557191e9.icc’ failed: Access denied As our users $HOME folders are mounted through NFS, I have made sure that all $XDG_DATA and $XDG_CACHE (at least for regular users) are stored locally on the client. Back in 2014 I had found a manual to do it like this: In /etc/profile.d/xdg_dirs.sh: if [ "$USER" == "root" ]; then unset XDG_CACHE_HOME unset XDG_DATA_HOME else test -d $XDG_CACHE_HOME || mkdir -p $XDG_CACHE_HOME test -d $XDG_DATA_HOME || mkdir -p $XDG_DATA_HOME fi In /etc/security/pam_env.conf: XDG_CACHE_HOME DEFAULT="/var/cache/users/@{PAM_USER}" XDG_DATA_HOME DEFAULT="/var/data/users/@{PAM_USER}" I'm pretty sure this has messed up the correct permissions for the Debian-gdm user, but I don't know how to solve it. I tried creating the dir and giving r+w permissions to both Debian-gdm and the default user-groups, but this didn't work. I also tried exclusing the Debian-gdm user from the above script by adding: if [ "$USER" == "root" ] || [ "$USER" == "Debian-gdm" ]; then , but that didn't work as well. Any thoughts?