diff --git a/roles/usb_lib/README.rst b/roles/usb_lib/README.rst
index 04bd2de05..439fa9c86 100644
--- a/roles/usb_lib/README.rst
+++ b/roles/usb_lib/README.rst
@@ -20,7 +20,7 @@ Automount is handled by usbmount, and scripts in this role look in the root of t
 
 USB drives must be formatted with one of the filesystems listed under "FILESYSTEMS=" at ``/etc/usbmount/usbmount.conf`` — these are specified on/around Line 76 of: `/opt/iiab/iiab/roles/usb_lib/tasks/install.yml <https://github.com/iiab/iiab/blob/master/roles/usb_lib/tasks/install.yml#L76>`_
 
-IIAB will generally mount USB drives 'rw' allowing root to both read and write to them.  In addition, in March 2021 (`PR #2715 <https://github.com/iiab/iiab/issues/2715>`_) Kolibri exports were enabled by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB drives, using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default.  If however you prefer to restore usbmount's default, set ``usb_lib_umask0000_for_kolibri: False`` in `/etc/iiab/local_vars.yml <http://FAQ.IIAB.IO/#What_is_local_vars.yml_and_how_do_I_customize_it.3F>`_ prior to installing IIAB.
+IIAB will generally mount USB drives 'rw' allowing root to both read and write to them.  In addition, in March 2021 (`PR #2715 <https://github.com/iiab/iiab/issues/2715>`_) Kolibri exports were enabled by also giving non-root users read and write access to VFAT/FAT32, NTFS and exFAT USB drives, using ``umask=0000`` (in /etc/usbmount/usbmount.conf) to override the ``umask=0022`` default.  If however you prefer to restore usbmount's default, set ``usb_lib_umask0000_for_kolibri: False`` in `/etc/iiab/local_vars.yml <http://FAQ.IIAB.IO/#What_is_local_vars.yml_and_how_do_I_customize_it.3F>`_ (preferably do this prior to installing IIAB).
 
 Official `usbmount 0.0.22 (2011-08-08) <https://github.com/rbrito/usbmount/releases>`_ documentation:
 
diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml
index 915128f2b..25b671f06 100644
--- a/roles/usb_lib/tasks/install.yml
+++ b/roles/usb_lib/tasks/install.yml
@@ -76,29 +76,6 @@
     line: 'FILESYSTEMS="vfat ext2 ext3 ext4 hfsplus exfat fuseblk ntfs"'
     path: /etc/usbmount/usbmount.conf
 
-- name: "Set 'umask=0000' for {VFAT/FAT32, NTFS, exFAT} using var FS_MOUNTOPTIONS in /etc/usbmount/usbmount.conf, so Kolibri exports work"
-  lineinfile:
-    regexp: '^FS_MOUNTOPTIONS=.*'
-    line: 'FS_MOUNTOPTIONS="-fstype=vfat,umask=0000 -fstype=ntfs,umask=0000 -fstype=exfat,umask=0000"'
-    path: /etc/usbmount/usbmount.conf
-  when: usb_lib_umask0000_for_kolibri
-
-# Setting 'umask=0000' for all filesystems: (much the same thing as above, as
-# the mount command does not use this umask setting for filesystems like ext4)
-#- name: "Add ',umask=0000' to MOUNTOPTIONS var in /etc/usbmount/usbmount.conf, so Kolibri exports work"
-#  lineinfile:
-#    regexp: '^MOUNTOPTIONS=.*'
-#    line: 'MOUNTOPTIONS="sync,noexec,nodev,noatime,nodiratime,umask=0000"'
-#    path: /etc/usbmount/usbmount.conf
-#  when: usb_lib_umask0000_for_kolibri
-
-- name: 'Set FS_MOUNTOPTIONS="" in /etc/usbmount/usbmount.conf, e.g. if Kolibri will not be used'
-  lineinfile:
-    regexp: '^FS_MOUNTOPTIONS=.*'
-    line: 'FS_MOUNTOPTIONS=""'    # Restore apt pkg default, if runrole forced
-    path: /etc/usbmount/usbmount.conf
-  when: not usb_lib_umask0000_for_kolibri
-
 # 2021-03-25: Consider removing this stanza & all of this role's Apache logic!
 - name: Install /etc/{{ apache_conf_dir }}/content_dir.conf from template
   template:
diff --git a/roles/usb_lib/tasks/main.yml b/roles/usb_lib/tasks/main.yml
index 6c9011a7e..da1bd6c12 100644
--- a/roles/usb_lib/tasks/main.yml
+++ b/roles/usb_lib/tasks/main.yml
@@ -30,6 +30,32 @@
   when: usb_lib_installed is undefined
 
 
+# If setup.yml becomes the norm in future, put the 2-3 stanzas below in there:
+
+- name: "Set 'umask=0000' for {VFAT/FAT32, NTFS, exFAT} using var FS_MOUNTOPTIONS in /etc/usbmount/usbmount.conf, so Kolibri exports work"
+  lineinfile:
+    regexp: '^FS_MOUNTOPTIONS=.*'
+    line: 'FS_MOUNTOPTIONS="-fstype=vfat,umask=0000 -fstype=ntfs,umask=0000 -fstype=exfat,umask=0000"'
+    path: /etc/usbmount/usbmount.conf
+  when: usb_lib_umask0000_for_kolibri
+
+# Setting 'umask=0000' for all filesystems: (much the same thing as above, as
+# the mount command does not use this umask setting for filesystems like ext4)
+#- name: "Add ',umask=0000' to MOUNTOPTIONS var in /etc/usbmount/usbmount.conf, so Kolibri exports work"
+#  lineinfile:
+#    regexp: '^MOUNTOPTIONS=.*'
+#    line: 'MOUNTOPTIONS="sync,noexec,nodev,noatime,nodiratime,umask=0000"'
+#    path: /etc/usbmount/usbmount.conf
+#  when: usb_lib_umask0000_for_kolibri
+
+- name: 'Set FS_MOUNTOPTIONS="" in /etc/usbmount/usbmount.conf, e.g. if Kolibri will not be used'
+  lineinfile:
+    regexp: '^FS_MOUNTOPTIONS=.*'
+    line: 'FS_MOUNTOPTIONS=""'    # Restore apt pkg default, e.g. for runrole
+    path: /etc/usbmount/usbmount.conf
+  when: not usb_lib_umask0000_for_kolibri
+
+
 - name: Enable/Disable/Restart Apache if primary
   include_tasks: apache.yml
   when: not nginx_enabled
@@ -60,3 +86,5 @@
       value: "{{ usb_lib_install }}"
     - option: usb_lib_enabled
       value: "{{ usb_lib_enabled }}"
+    - option: usb_lib_umask0000_for_kolibri
+      value: "{{ usb_lib_umask0000_for_kolibri }}"