User account is broken after 25.10 upgrade due to builtin group membership

Hi,

I have a user account that was part of two builtin groups (docker, dialout) prior to the 25.10 upgrade. Now that I’ve upgraded, I get an error when trying to add the user to any non-builtin group via the UI:

dialout: membership of this builtin group may not be altered.

Also when trying to remove the user from the group, I get an error:

[EINVAL] group_update.id: Immutable groups cannot be changed

Is there any way to recover the account?

Thank you

1 Like

Having the same issue with the render group on 25.10. Can’t add the apps user to the group.

Yep, same issue. Stuck with all my users having SSH access.

You would have thought they would have ensured the groups were clean before upgrading to a non-changeable version.

  1. Revert back to the previous version using the built-in method under System → Boot.

  2. Change the group memberships.

  3. Upgrade to 25.10 again.

1 Like

Doesn’t work for me. I made a fresh boot drive with a clean install, so I could create mirrored boot drives.

Then restored the old system back. So I am fck is what you are saying.

I wouldn’t say that.

You can probably export the database-file, edit it directly and then import that into a new install.
But I can’t guide you through those steps.

There may also be an easier way.

I just updated and was not aware of this issue.
I can’t add the apps user to the render group.

The guard rails are getting annoying.

4 Likes

I found a workaround for my needs.
For monitoring purposes, the SNMP user “Debian-snmp” needs to have access to the Docker sock.
Usually, I add the snmpd user to the Docker group or, in rare cases, to the sudo group.

To achieve this with 25.10 Goldeye, I created a new group in Credentials > Groups > top-right button Privileges > Add.

I added a new group “snmp-admin” with the builtin “Debian-snmp” group in it.
For the moment, in the drop-down menu “Roles”, I selected “All” while I isolate the right one(s)…
My LibreNMS can now again access the telemetry of containers hosted inside TrueNAS.

Please elaborate. I tried that and did not succeed, but perhaps I am doing something differently.

As far as I understand, privileges are for the Web UI and API. They are not reflected in /etc/group, which is what matters if a process owned by a user wants to access /var/run/docker.sock. What is the mechanism that helped in your case?

Thanks

You’re right, this has nothing to do with system privileges…
A leftover configuration made me think it was working. :man_facepalming:
Sorry for the false alarm!

Edit: so, this command still works on each reboot… :sweat_smile:

usermod -a -G docker Debian-snmp

1 Like
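
An added example, not part of the thread: a shell check of the point raised above, that group access to the Docker socket follows from the passwd and group files rather than from Web UI/API privileges. The sample entries, UIDs/GIDs and the socket group's GID of 999 are constructed assumptions, and the function names are hypothetical.

```shell
# Added example: would a process running as USER get group access to a socket
# owned by group GID? Only passwd/group-format files are consulted.

# user_gids USER PASSWD_FILE GROUP_FILE: print the user's GIDs, one per line.
user_gids() {
    # Primary GID is field 4 of the user's passwd entry.
    awk -F: -v u="$1" '$1 == u { print $4 }' "$2"
    # Supplementary GIDs: every group whose member list (field 4) names the user.
    awk -F: -v u="$1" '{
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == u) print $3
    }' "$3"
}

# has_group_access USER GID PASSWD_FILE GROUP_FILE: exit 0 if GID is among them.
has_group_access() {
    user_gids "$1" "$3" "$4" | grep -qxF "$2"
}

# Constructed sample data; names and IDs are assumptions, not real system values.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
DOCKER_GID=999   # assumed GID of the group that owns /var/run/docker.sock

cat > "$SAMPLE_DIR/passwd" <<'EOF'
Debian-snmp:x:114:120::/var/lib/snmp:/bin/false
apps:x:568:568::/var/empty:/usr/sbin/nologin
EOF
# State with only a UI privilege assigned: the group file is unchanged.
cat > "$SAMPLE_DIR/group.before" <<'EOF'
docker:x:999:
Debian-snmp:x:120:
apps:x:568:
EOF
# State after "usermod -a -G docker Debian-snmp": the member list gains the user.
cat > "$SAMPLE_DIR/group.after" <<'EOF'
docker:x:999:Debian-snmp
Debian-snmp:x:120:
apps:x:568:
EOF
for state in before after; do
    if has_group_access Debian-snmp "$DOCKER_GID" "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/group.$state"; then
        echo "$state: Debian-snmp has group access to the Docker socket"
    else
        echo "$state: Debian-snmp has no group access to the Docker socket"
    fi
done
```

A process that was already running keeps the group list it started with, so a service has to be restarted before a changed membership applies to it. Membership in the docker group is effectively root-equivalent on the host, which is worth weighing before granting it to a monitoring account.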