I'm trying to set the default umask to 002 for all users including root on my CentOS box.

According to this and other answers, this can be achieved by editing /etc/profile. However the comments at the top of that file say:

It's NOT a good idea to change this file unless you know what you are doing. It's much better to create a custom.sh shell script in /etc/profile.d/ to make custom changes to your environment, as this will prevent the need for merging in future updates.

So I went ahead and created the following file:
/etc/profile.d/myapp.sh
with the single line:

umask 002

Now, when I create a file logged in as root, the file is born with 664 permissions, the way I had hoped. But files created by my Apache wsgi application, or files created with sudo, still default to 644 permissions...

$ touch newfile (as root):
Result = 664 (Works)

$ sudo touch newfile:
Result = 644 (Doesn't work)

Files created by Apache wsgi app:
Result = 644 (Doesn't work)

Files created by Python's RotatingFileHandler:
Result = 644 (Doesn't work)

Why is this happening, and how can I ensure 664 file permissions system wide, no matter what creates the file?

UPDATE:

I ended up finding a cleaner solution to this on a per-directory basis using ACLs, which I describe here.