> On Wed, 13 Dec 2023 at 13:59:03 +0100, Harald Dunkel wrote:
> > Problem with polkitd.postinst:
> > 
> > "getent passwd polkitd" can fail, even though polkitd can be found
> > in /etc/passwd.
> In what situation does this fail?

On Thu, 14 Dec 2023 11:38:16 +0100 Harald Dunkel
<harald.dun...@aixigo.com> wrote:
> Hi Simon,
> getent queries all databases, as listed in /etc/nsswitch.conf, AFAIU.
> I would suggest to use
>       getent -s files passwd polkitd

Sorry I do not understand hw this explain in what situatoin `getent
passwd polkitd` fails when polkitd user is in /etc/passwd.
Could you be more specific?

> to query /etc/passwd only and to ignore remote databases based on
> or NIS or similar. polkitd is supposed to be a local system user.

> I stumbled over this during the upgrade Debian 11 --> 12 in a chroot.
> Somehow polkitd couldn't be installed because the polkitd user and
> were missing. Actually I am not sure how this happened, but after
> manually adding local user and group entries for polkitd installation
> succeeded.

If it works in a chroot after adding the polkitd user to /etc/passwd
this might be another issue (ie one where polkitd is not in /etc/passwd
). Could you confirm?

Could it be that polkitd user was missing from /etc/passwd in the first
place and the `getent` code was OK?
So the issue would be why polkitd ended up missing in /etc/passwd.

I do not see how other NSS databases could relate to this issue. If
polkitd was in /etc/passwd, with or without other NSS DBs "getent
passwd  polkitd" should work>.
Does `getent -s files passwd polkitd` really worked while `getent
passwd polkitd` did not?


Reply via email to