FreeBSD-EN-21:08.freebsd-update : freebsd-update passwd regeneration
Versions Affected : All versions prior to TrueNAS 12.0-U3
Description
The existing logic to try and avoid regenerating passwd/login.conf files relies on timestamp comparisons between old and new files, with the caveat that it’s comparing the installed with a timestamp that has been clobbered to do the comparison.
User and login.conf changes coming in from a binary update may not properly regenerate the databases for the changes to take effect.
Workaround
To workaround this issue, one may regenerate databases manually with pwd_mkdb(8) and cap_mkdb(1), e.g.,
pwd_mkdb -p /etc/master.passwd
cap_mkdb /etc/login.conf
Mitigation
- Upgrade to TrueNAS 12.0-U3 or later.
Commit
- FreeBSD Revision : r369356
- TrueNAS Commit : 2b4fece
- TrueNAS Commit : 42c7377
- JIRA Ticket : NAS-109604