I learn something on this Post as well…
To simplify:
pacnew is file that did not Automatic updated and has to be merged by the User.pacsave is a file that got safe before the original file got overwritten by an update, like a Log, if the User has Personal setting that they later on want to bring back.Do I delete the actual /etc/pam.d/polkit-1.pacsave file or just remove .pacsave suffix from the name so it’s renamed to /etc/pam.d/polkit-1?
You can delete polkit-1.pacsave
sudo rm /etc/pam.d/polkit-1.pacsave
Would be returning it to original state.
Not recommended.
That would be the recommendation.
As would be facilitated by pacdiff -s
ex (this is what happens after I created the file and then run pacdiff):
$ pacdiff -s
==> pacsave file found for /etc/pam.d/polkit-1
==> WARNING: /etc/pam.d/polkit-1 does not exist
rm: remove regular file '/etc/pam.d/polkit-1.pacsave'?
(manual actions like sudo rm are also acceptable … but … all the things are handled by pacdiff)
Thank you for clarifying!
So in summary, delete the pacsave and store its contents somewhere just in case? I just have one more question: how come the outputs for /usr/lib/pam.d/polkit-1 and /etc/pam.d/polkit-1 are different? We don’t merge them, right? So do those extra 4 lines (posted above in one of the replies) have any significance? I’m just trying to understand why a pacsave would be created if we simply delete it.
Because someone or something changed the original /etc/pam.d/polkit-1. Only you can know who or what did that.
Does your system have any problems without them? Then no.
EDIT Those lines look like they are connected with fingerprint reader authentication. Do you remember doing anything like that?
Basically, yes.
But:
you can’t first delete it and then try to save it 
just move it away from there.
Or first copy, then delete original.
(I’m pretty sure that is what you meant to say …)
Be pragmatic:
the file is already disabled - it has no function anymore (that is what renaming it to xyz.pacsave does)
So you can either leave it or remove it.
The effect is the same - there is none.
They once, in the past, where there for some reason.
The whole file in /etc/pam.d/ is - again for some reason which I don’t know - not needed anymore.
Unless you deliberately made changes to it.
That is why it is saved (remamed to xyz.pacsave) - so your deliberate changes don’t just get wiped out.
I once followed Linux Hardening Guide | Madaidan's Insecurities to improve security. I ended up reverting all the changes I made from what I could recall to prevent system issues (never happened but just in case). There were mentions of file modification recommendations in /etc/pam.d/ but none for polkit from a CTRL-F of the site and I don’t recall making any changes to polkit.
Nope. I don’t have fingerprint reader on my hardware anyway.
So sorry if I sound like I’m repeating things I’m really just afraid of messing up my system (I’ve done stupid things before plus I run encrypted so harder to recover). Already got a facepalm by a user 
Then you don’t need those 4 extra lines and I have no idea how they got there. Just delete /etc/pam.d/polkit-1.pacsave and you’re done.
timeshiftNote: I there is a file on your system that is not in the VM I could be from a Program you have installed and using.
last try:
Got it. And if I were to keep it and an update happens to create the same file it would just overwrite it?
No.
Because there is no file anymore, of which a backup would need to be created.
No /etc/pam.d/polkit-1 → no /etc/pam.d/polkit-1.pacsave is being created.
I think this thread has gone on long enough. Answers have already been provided. Please mark the most appropriate post as the solution.
This topic was automatically closed 36 hours after the last reply. New replies are no longer allowed.