Polkit merger with last update

I thought that’s what they meant by writing

Maybe I didn’t understand the initial reference.

No - it was me who didn’t pay attention.

1 Like

I honestly don’t know, since I’m not using Manjaro. I would guess that the file was provided by previous version of polkit and not afterwards and it was in a backup array in PKGBUILD.

1 Like

No need to be sorry!

Truth is, only the OP knows what is going on in their system. We all here are trying to understand what’s going on in someone else’s system.

I’m not in front of my PC right now, but I also think that I didn’t have a .pacsave file after that update. Have to check it again.

I’ll break things down in order of events:

  1. Ran sudo pacman -Syu
  2. Installed the latest update (2024-02-21) from stable channel
  3. Rebooted
  4. Found /etc/pam.d/polkit-1.pacsave
  5. Tried to find /etc/pam.d/polkit-1 assuming it would be similar to .pacnew files
  6. Asked on the forum what I should do (i.e. where would polkit-1 be before a .pacsave? - can’t find it)
  7. Seeking clarification as I’m getting different answers!

I am using Manjaro since December 2021 and have been merging .pacnew files just fine. Never encountered .pacsave files as far as I can remember.

You just need to remove the pacsave.

There could be some edge case where there is something important in there…
But thats extremely unlikely, and even more so if you never touched it.

Well - what is the content of the .pacsave?
As I said: I do not have it - likely because my system never had a file there - it is not as “old” as yours.

Compare with /usr/lib/pam.d/polkit-1

I’m sure no action is needed - the system works as it is right now, doesn’t it?
The .pacsave is what was there before - with that suffix it will do nothing
so you can just as well delete it.

Here is the output for /usr/lib/pam.d/polkit-1:


auth       include      system-auth
account    include      system-auth
password   include      system-auth
session    include      system-auth

And here is the output for /etc/pam.d/polkit-1.pacsave:


auth required pam_env.so
auth sufficient pam_fprintd.so
auth sufficient pam_unix.so try_first_pass likeauth nullok
auth required pam_deny.so
auth       include      system-auth
account    include      system-auth
password   include      system-auth
session    include      system-auth

We can see the .pacsave file has 4 more lines than /usr/lib/pam.d/polkit-1. This brings it back to my question on how am I supposed to merge them, if at all? I would have deleted the .pacsave after seeing replies from people but I’m not quite sure what I’m supposed to do with the differences in the files. Is it really still OK to delete it? Should I merge them? Much appreciate your responses!

You are not supposed to merge them.
You can leave it like it is now if you can’t bring yourself to delete the .pacsave file.
The file - with that ending (xxx.pacsave) - has no effect anyway (AFAIK).
It’s as good as if it wasn’t even there.

Or move it to some other place in case you want to preserve it and be able to see the effect of it’s removal.

How is .pacsave different from .pacnew?

Is /etc/pam.d/polkit-1.pacsave inactive or /usr/lib/pam.d/polkit-1? Also, has /etc/pam.d/polkit-1 always existed and it turned into /etc/pam.d/polkit-1.pacsave after the update?

Does it make a difference if I leave it vs saving the file somewhere else and deleting it from /etc/pam.d/?

And do I delete the actual /etc/pam.d/polkit-1.pacsave file or just remove .pacsave from the name so it’s renamed to /etc/pam.d/polkit-1?

Sorry for asking so many questions! I’m just being nervous as I have never experienced something like this :slightly_smiling_face:

To quote above, again.

Yes, because it has the pacsave extension, rendering it inoperable.**
** actually. this is normally the case with files that end in a certain extension like .conf
As these pam files have no extension … maybe the pacsave version is still valid for pam? :thinking:


Not really, though it would make a difference in some eventuality that you tried to edit/reinstate it using pacdiff -s, as it would just parse the found pacsave file … not move it back to its original location.
But as you wont be needing this, and will be removing it, and would know where to put it later, and are intent on keeping the backup to look at and ostensibly eventually remove … then sure … do the copy to home keeping the backup if you like.

I learn something on this Post as well…

To simplify:

  • pacnew is file that did not Automatic updated and has to be merged by the User.
  • pacsave is a file that got safe before the original file got overwritten by an update, like a Log, if the User has Personal setting that they later on want to bring back.
1 Like

Do I delete the actual /etc/pam.d/polkit-1.pacsave file or just remove .pacsave suffix from the name so it’s renamed to /etc/pam.d/polkit-1?

You can delete polkit-1.pacsave

sudo rm /etc/pam.d/polkit-1.pacsave

Would be returning it to original state.
Not recommended.

That would be the recommendation.
As would be facilitated by pacdiff -s

ex (this is what happens after I created the file and then run pacdiff):

$ pacdiff -s
==> pacsave file found for /etc/pam.d/polkit-1
==> WARNING: /etc/pam.d/polkit-1 does not exist
rm: remove regular file '/etc/pam.d/polkit-1.pacsave'?

(manual actions like sudo rm are also acceptable … but … all the things are handled by pacdiff)

1 Like

Thank you for clarifying!

So in summary, delete the pacsave and store its contents somewhere just in case? I just have one more question: how come the outputs for /usr/lib/pam.d/polkit-1 and /etc/pam.d/polkit-1 are different? We don’t merge them, right? So do those extra 4 lines (posted above in one of the replies) have any significance? I’m just trying to understand why a pacsave would be created if we simply delete it.

Because someone or something changed the original /etc/pam.d/polkit-1. Only you can know who or what did that.

Does your system have any problems without them? Then no.

EDIT Those lines look like they are connected with fingerprint reader authentication. Do you remember doing anything like that?

Basically, yes.
you can’t first delete it and then try to save it :grinning:
just move it away from there.
Or first copy, then delete original.
(I’m pretty sure that is what you meant to say …)

Be pragmatic:
the file is already disabled - it has no function anymore (that is what renaming it to xyz.pacsave does)
So you can either leave it or remove it.
The effect is the same - there is none.

They once, in the past, where there for some reason.
The whole file in /etc/pam.d/ is - again for some reason which I don’t know - not needed anymore.
Unless you deliberately made changes to it.
That is why it is saved (remamed to xyz.pacsave) - so your deliberate changes don’t just get wiped out.

pacman/Pacnew and Pacsave - ArchWiki

I once followed Linux Hardening Guide | Madaidan's Insecurities to improve security. I ended up reverting all the changes I made from what I could recall to prevent system issues (never happened but just in case). There were mentions of file modification recommendations in /etc/pam.d/ but none for polkit from a CTRL-F of the site and I don’t recall making any changes to polkit.

Nope. I don’t have fingerprint reader on my hardware anyway.

So sorry if I sound like I’m repeating things I’m really just afraid of messing up my system (I’ve done stupid things before plus I run encrypted so harder to recover). Already got a facepalm by a user :confused:

Then you don’t need those 4 extra lines and I have no idea how they got there. Just delete /etc/pam.d/polkit-1.pacsave and you’re done.

1 Like