Versions Affected : All versions prior to TrueNAS 12.0-U3


Description

The existing logic to try and avoid regenerating passwd/login.conf files relies on timestamp comparisons between old and new files, with the caveat that it’s comparing the installed with a timestamp that has been clobbered to do the comparison.

User and login.conf changes coming in from a binary update may not properly regenerate the databases for the changes to take effect.


Workaround

To workaround this issue, one may regenerate databases manually with pwd_mkdb(8) and cap_mkdb(1), e.g.,

pwd_mkdb -p /etc/master.passwd
cap_mkdb /etc/login.conf

Mitigation

  • Upgrade to TrueNAS 12.0-U3 or later.

Commit


Further information