Download | Devuan.org | Git | Bugs | Packages

The officially official Devuan Forum!

You are not logged in.

Pages: 1

#1 Today 01:03:08

tux_99
Member
Registered: 2025-06-17
Posts: 72  

Devuan Excalibur polkitd installation bug

There seems to be a bug in the polkitd package. On my Devuan Excalibur install it created the polkitd user with UID 999 and GID 999, despite me having configured /etc/login.defs to assign the range 101 to 499 to system users and 500 to 60000 to normal users.

In other words it looks like the polkitd package creates the polkitd user ignoring the settings in /etc/login.defs.

All other system packages that during installation create users and/or groups that I installed so far have respected my settings in /etc/login.defs and in /etc/adduser.conf as expected.

Here are the settings I have in  /etc/login.defs:

UID_MIN			  500
UID_MAX			60000
SYS_UID_MIN		  101
SYS_UID_MAX		  499
GID_MIN			  500
GID_MAX			60000
SYS_GID_MIN		  101
SYS_GID_MAX		  499

And in /etc/adduser.conf I have:

$ more /etc/adduser.conf |grep ID|grep -v ^#
LAST_SYSTEM_UID=499
LAST_SYSTEM_GID=499
FIRST_UID=500
FIRST_GID=500

And this is what my /etc/passwd and /etc/group contains after installation of the polkitd package:

$ grep polkit /etc/passwd /etc/group
/etc/passwd:polkitd:x:999:999:User for polkitd:/:/usr/sbin/nologin
/etc/group:polkitd:x:999:

It appears to me that this is a forked Devuan package, not a Debian package (the version string says so:126-2devuan1+excalibur1 ).
Where should I report this to?

Last edited by tux_99 (Today 01:29:54)

Offline

#2 Today 02:03:40

tux_99
Member
Registered: 2025-06-17
Posts: 72  

Re: Devuan Excalibur polkitd installation bug

Actually the bug (or rather missbehaviour) seems to be coming from /usr/bin/systemd-sysusers (which the polkitd package seems to prefer over adduser to create the polkitd user/group) from the package systemd-standalone-sysusers which completely ignores any settings in  /etc/login.defs and in /etc/adduser.conf.

Why does Devuan prefer systemd-sysusers to create system users during installation rather than adduser?

Why do we even have this disrespectful (of the user configuration) systemd derived package in Devuan?

Last edited by tux_99 (Today 02:42:25)

Offline

#3 Today 02:36:48

tux_99
Member
Registered: 2025-06-17
Posts: 72  

Re: Devuan Excalibur polkitd installation bug

On the systemd webpage says:

Some older systems placed the boundary at 499/500, or even 99/100, and some distributions allow the boundary between system and regular users to be changed via local configuration. In systemd, the boundary is configurable during compilation time and is also queried from /etc/login.defs at runtime, if the -Dcompat-mutable-uid-boundaries=true compile-time setting is used.

https://systemd.io/UIDS-GIDS/

I checked the debian/rules file of the source package for systemd-standalone-sysusers and didn't find this compile time flag (-Dcompat-mutable-uid-boundaries=true) so it appears an omission of the Debian systemd source package (that generates the binary package systemd-standalone-sysusers).

On the other hand it would be better if the polkitd package didn't use this systemd tool but rather adduser, especially since it seems to be already set up to use adduser but it gives preference to systemd-sysusers if it finds it, see debian/polkitd.postinst (policykit-1-126 source):

        if command -v systemd-sysusers >/dev/null; then
            systemd-sysusers ${DPKG_ROOT:+--root="$DPKG_ROOT"} polkit.conf
        else
            adduser --group --system --quiet --gecos 'polkit' \
                --no-create-home --home /nonexistent polkitd
            addgroup --system --quiet polkitd
        fi

IMHO the above should be changed to always use adduser and since this is a Devuan package it would be easier to fix rather than getting Debian to add the compile time flag to the systemd package.

There is even a 3 year old open bug report about this missing compile flag for systemd in debians bugtracker but nobody seems to have done anything about it:
https://bugs.debian.org/cgi-bin/bugrepo … ug=1029785

Therefore I really think it would be better for Devuan to remove this systemd dependency from the Devuan polkit package (which is forked already) and use exclusively 'adduser' in the postinst script of polkitd.

Last edited by tux_99 (Today 02:57:18)

Offline

#4 Today 04:37:18

RedGreen925
Member
Registered: 2024-12-07
Posts: 208  

Re: Devuan Excalibur polkitd installation bug

"Why does Devuan prefer systemd-sysusers to create system users during installation rather than adduser?"

It is nowhere to be found on my Excalibur  install or even there to be installed.

root@9600k:~# apt policy systemd-sysusers
systemd-sysusers:
  Installed: (none)
  Candidate: (none)
  Version table:
root@9600k:~# cat /etc/os-release
PRETTY_NAME="Devuan GNU/Linux 6 (excalibur)"
NAME="Devuan GNU/Linux"
VERSION_ID="6"
VERSION="6 (excalibur)"
VERSION_CODENAME="excalibur"
ID=devuan
ID_LIKE=debian
HOME_URL="https://www.devuan.org/"
SUPPORT_URL="https://devuan.org/os/community"
BUG_REPORT_URL="https://bugs.devuan.org/"

I would check your policy output and perhaps your sources to figure out where you got it from.

root@9600k:~# cat /etc/apt/sources.list.d/devuan.sources 
## Devuan 6 excalibur
## The new style method of using repositories to install software.
## This /etc/apt/sources.list.d/devuan.sources is new style and location file
## The /etc/apt/old.style.sources.list contains the same as this.
## https://linuxconfig.org/ubuntus-repository-configuration-ubuntu-sources-have-moved-to-etc-apt-sources-list-d-ubuntu-sources

## Normal excalibur sources
Types: deb
URIs: http://gnlug.org/pub/devuan/merged 
Suites: excalibur excalibur-backports excalibur-proposed-updates  excalibur-updates
Components: main non-free contrib non-free-firmware
Enabled: yes
Signed-By: /usr/share/keyrings/devuan-archive-keyring.gpg
Architectures: amd64

## excalibur security sources
Types: deb
URIs: http://gnlug.org/pub/devuan/merged
Suites: excalibur-security
Components: main non-free contrib non-free-firmware
Enabled: yes
Signed-By: /usr/share/keyrings/devuan-archive-keyring.gpg
Architectures: amd64

Offline

#5 Today 06:25:44

stultumanto
Member
Registered: 2023-12-12
Posts: 118  

Re: Devuan Excalibur polkitd installation bug

According to apt-file, /usr/bin/systemd-sysusers can be installed by either opensysusers or systemd-standalone-users. The latter package is a dependency of cron-daemon-common and openssh-server, among others.

Offline

#6 Today 14:26:17

RedGreen925
Member
Registered: 2024-12-07
Posts: 208  

Re: Devuan Excalibur polkitd installation bug

The systemd-standalone-users is likewise nowhere to be found on my system the other has candicate but is not installed.

zeus@9600k:~$ apt policy opensysusers systemd-standalone-users
opensysusers:
  Installed: (none)
  Candidate: 0.7.3-5
  Version table:
     0.7.3-5 990
        990 http://gnlug.org/pub/devuan/merged excalibur/main amd64 Packages
N: Unable to locate package systemd-standalone-users

Both of the packages mentioned as having them as a dependency are installed without them.

zeus@9600k:~$ apt policy cron-daemon-common openssh-server
cron-daemon-common:
  Installed: 3.0pl1-197
  Candidate: 3.0pl1-197
  Version table:
 *** 3.0pl1-197 990
        990 http://gnlug.org/pub/devuan/merged excalibur/main amd64 Packages
        100 /var/lib/dpkg/status
openssh-server:
  Installed: 1:10.0p1-7
  Candidate: 1:10.0p1-7
  Version table:
     1:10.2p1-2~bpo13+1 100
        100 http://gnlug.org/pub/devuan/merged excalibur-backports/main amd64 Packages
 *** 1:10.0p1-7 990
        990 http://gnlug.org/pub/devuan/merged excalibur/main amd64 Packages
        100 /var/lib/dpkg/status

Offline

#7 Today 14:44:07

fsmithred
Administrator
Registered: 2016-11-25
Posts: 2,767  

Re: Devuan Excalibur polkitd installation bug

N: Unable to locate package systemd-standalone-users

It gets confusing with all the overlapping names. The correct name for that package is systemd-standalone-sysusers

# apt remove systemd-standalone-sysusers
The following packages were automatically installed and are no longer required:
  libwtmpdb0  openssh-sftp-server
Use 'apt autoremove' to remove them.

REMOVING:
  cron  cron-daemon-common  openssh-server  systemd-standalone-sysusers

Installing opensysusers instead will remove systemd-standalone-sysusers without removing cron or ssh.
And either one of those will give you /usr/bin/systemd-sysusers.

Offline

#8 Today 14:52:52

tux_99
Member
Registered: 2025-06-17
Posts: 72  

Re: Devuan Excalibur polkitd installation bug

tux_99 wrote:

There is even a 3 year old open bug report about this missing compile flag for systemd in debians bugtracker but nobody seems to have done anything about it: https://bugs.debian.org/cgi-bin/bugrepo … ug=1029785

Guess where the Debian systemd maintainer that seems unwilling to fix this bug works:

Software engineer at Microsoft by day, open source developer involved in various projects by night (systemd maintainer, DPDK LTS maintainer, ZeroMQ project co-lead, Debian Developer)

https://archive.fosdem.org/2023/schedul … _boccassi/

I'm starting to realize more and more that Debian is no longer an independent community distro at all, not only is it full of Canonical (understandable) and IBM/Redhat Devs (less understandable), there are even Microsoft Employees involved with core packages of Debian...

fsmithred wrote:

Installing opensysusers instead will remove systemd-standalone-sysusers without removing cron or ssh.

Thanks for the suggestion, I will try that and see whether "opensysusers" takes into account the custom UID/GID ranges configured in  /etc/login.defs.

Last edited by tux_99 (Today 14:53:10)

Offline

Pages: 1

Board footer

Forum Software