Cause: NSS changed the permissions of the existing pkcs11.txt file, reverting to the strict default of 0600, even when the file previously had other permissions.
Consequence: This prevented users from adding security modules to their own configuration which is accomplished via acces to the system-wide security databses. If the user has root access the system database is modified otherwise the user's own default database is the one that is modified.
Fix: NSS now keeps the strict default 0600 permissions for new files while preserving the existing permissions when replacing an existing pkcs11.txt file.
Result: Users can now make the necessary modifications to the nss security module database.