“polkit code=exited status=1/FAILURE” – PolicyKit Gagal Memulai di CentOS/RHEL 7 dan 8

Masalahnya

Tidak dapat memulai layanan polkitd, yang selanjutnya memengaruhi layanan lain juga.

# systemctl restart polkit

** (pkttyagent:32189): WARNING **: 13:59:48.884: Unable to register authentication agent: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.freedesktop.PolicyKit1 was not provided by any .service files
Error registering authentication agent: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.freedesktop.PolicyKit1 was not provided by any .service files (g-dbus-error-quark, 2)
Job for polkit.service failed because the control process exited with error code. See "systemctl status polkit.service" and "journalctl -xe" for details.

# systemctl status polkit
● polkit.service - Authorization Manager
   Loaded: loaded (/usr/lib/systemd/system/polkit.service; static; vendor preset: enabled)
   Active: failed (Result: exit-code) since Sat 2019-03-23 13:59:48 IST; 4min 13s ago
     Docs: man:polkit(8)
  Process: 32193 ExecStart=/usr/lib/polkit-1/polkitd --no-debug (code=exited, status=1/FAILURE)
 Main PID: 32193 (code=exited, status=1/FAILURE)

Mar 23 13:59:48 [hostname] systemd[1]: Starting Authorization Manager...
Mar 23 13:59:48 [hostname] systemd[1]: polkit.service: main process exited, code=exited, status=1/FAILURE
Mar 23 13:59:48 [hostname] systemd[1]: Failed to start Authorization Manager.
Mar 23 13:59:48 [hostname] systemd[1]: Unit polkit.service entered failed state.
Mar 23 13:59:48 [hostname] systemd[1]: polkit.service failed.

Solusinya

Masalah ini disebabkan oleh izin yang salah untuk file dan direktori terkait polkit. Polkit digunakan untuk mengontrol hak istimewa seluruh sistem. Ini menyediakan cara terorganisir untuk proses non-hak istimewa untuk berkomunikasi dengan yang istimewa. Berbeda dengan sistem seperti sudo, ini tidak memberikan izin root ke seluruh proses, melainkan memungkinkan tingkat kontrol kebijakan sistem terpusat yang lebih baik.

1. Pastikan user dan group polkitd ada, jika tidak coba install ulang RPM :

# getent passwd polkitd
polkitd:x:999:997:User for polkitd:/:/sbin/nologin
# getent group polkitd
polkitd:x:997:

2. Setel ulang izin dan kepemilikan pengguna/grup untuk semua file yang disediakan oleh paket polkit dan polkit-pkla-compat:

# rpm -Va polkit
# rpm --setugids polkit polkit-pkla-compat
# rpm --setperms polkit polkit-pkla-compat

3. Periksa lagi jika masalah sedang dihadapi lagi. Jika demikian, Coba instal ulang/perbarui RPM ke versi terbaru:

# yum reinstall polkit
...
Resolving Dependencies
--> Running transaction check
---> Package polkit.x86_64 0:0.112-18.0.1.el7 will be reinstalled
--> Finished Dependency Resolution

Dependencies Resolved

==========================================================================================================================================================
 Package                          Arch                             Version                                     Repository                            Size
==========================================================================================================================================================
Reinstalling:
 polkit                           x86_64                           0.112-18.0.1.el7                            rhel7_latest                           168 k

Transaction Summary
==========================================================================================================================================================
Reinstall  1 Package

Total download size: 168 k
Installed size: 473 k
Is this ok [y/d/N]: y
Downloading packages:
polkit-0.112-18.0.1.el7.x86_64.rpm                                                                                                 | 168 kB  00:00:02
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : polkit-0.112-18.0.1.el7.x86_64                                                                                                         1/1
  Verifying  : polkit-0.112-18.0.1.el7.x86_64                                                                                                         1/1

Installed:
  polkit.x86_64 0:0.112-18.0.1.el7

4. Verifikasi status layanan dbus, jika menonaktifkan restart layanan:

#  systemctl status dbus
● dbus.service - D-Bus System Message Bus
   Loaded: loaded (/usr/lib/systemd/system/dbus.service; static; vendor preset: disabled)
   Active: active (running) since Fri 2019-03-22 20:56:05 IST; 17h ago
     Docs: man:dbus-daemon(1)
 Main PID: 13721 (dbus-daemon)
   CGroup: /system.slice/dbus.service
           └─13721 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation

Mar 23 13:57:09 [hostname] dbus[13721]: [system] Activating via systemd: service name='org.freedesktop.login1' unit='dbus-org.freedesktop.login1.service'
Mar 23 13:57:34 [hostname] dbus[13721]: [system] Failed to activate service 'org.freedesktop.login1': timed out
Mar 23 14:07:50 [hostname] dbus[13721]: [system] Unable to reload configuration: Failed to open "/usr/share/dbus-1/system.conf": Permission denied
Mar 23 14:07:50 [hostname] dbus-daemon[13721]: Unable to reload configuration: Failed to open "/usr/share/dbus-1/system.conf": Permission denied
Mar 23 14:07:50 [hostname] dbus[13721]: [system] Unable to reload configuration: Failed to open "/usr/share/dbus-1/system.conf": Permission denied
Mar 23 14:07:50 [hostname] dbus-daemon[13721]: Unable to reload configuration: Failed to open "/usr/share/dbus-1/system.conf": Permission denied
Mar 23 14:07:50 [hostname] dbus[13721]: [system] Unable to reload configuration: Failed to open "/usr/share/dbus-1/system.conf": Permission denied
Mar 23 14:07:50 [hostname] dbus-daemon[13721]: Unable to reload configuration: Failed to open "/usr/share/dbus-1/system.conf": Permission denied
Mar 23 14:07:50 [hostname] dbus-daemon[13721]: Unable to reload configuration: Failed to open "/usr/share/dbus-1/system.conf": Permission denied
Mar 23 14:07:50 [hostname] dbus[13721]: [system] Unable to reload configuration: Failed to open "/usr/share/dbus-1/system.conf": Permission denied

Di atas layanan dimulai, Tetapi izin ditolak karena layanan polkitd tidak aktif.

5. Jalankan layanan polkitd dengan opsi debug:

# /usr/lib/polkit-1/polkitd
Error switcing to user polkitd: Error changing to home directory /: Permission denied <<<
Exiting with code 1

Kesalahan yang terlihat adalah karena pengguna polkitd tidak dapat berpindah direktori home. Verifikasi direktori home:

# cat /etc/passwd |grep polkitd
polkitd:x:999:998:User for polkitd:/:/sbin/nologin

Dapat melihat direktori home adalah "/", verifikasi izin dari /tmp, /home, /etc, /var, /bin, /run dan /

# ls -l /
total 32
lrwxrwxrwx.   1 root root    7 Jan  2 20:11 bin -> usr/bin
dr-xr-xr-x.   4 root root 4096 Mar 22 20:54 boot
drwxr-xr-x.  87 root root 8192 Mar 23 14:07 etc
drwxr-xr-x.   3 root root   20 Jan  2 23:45 home
lrwxrwxrwx.   1 root root    7 Jan  2 20:11 lib -> usr/lib
lrwxrwxrwx.   1 root root    9 Jan  2 20:11 lib64 -> usr/lib64
dr-xr-x---.   8 root root 4096 Mar 14 21:01 root
drwxr-xr-x.  30 root root 1000 Mar 23 14:07 run
lrwxrwxrwx.   1 root root    8 Jan  2 20:11 sbin -> usr/sbin
drwxr-xr-x.  19 root root 4096 Jan  2 20:19 var

# ls -ld /
drwx------. 17 root root 4096 Jan  2 20:17 /

6. Izin yang terlihat dari "/" adalah 700 bukannya 555, perbaiki dan mulai ulang layanan:

# ls -ld /
drwx------. 17 root root 4096 Jan  2 20:17 /

# chmod 555 /

# ls -ld
dr-xr-xr-x. 17 root root 4096 Jan  2 20:17 .

# systemctl start  polkit
# systemctl status polkit
● polkit.service - Authorization Manager
   Loaded: loaded (/usr/lib/systemd/system/polkit.service; static; vendor preset: enabled)
   Active: active (running) since Sat 2019-03-23 14:47:16 IST; 48s ago
     Docs: man:polkit(8)
 Main PID: 2186 (polkitd)
   CGroup: /system.slice/polkit.service
           └─2186 /usr/lib/polkit-1/polkitd --no-debug

Mar 23 14:47:16 [hostname] polkitd[2186]: Loading rules from directory /usr/share/polkit-1/rules.d
Mar 23 14:47:16 [hostname] polkitd[2186]: Finished loading, compiling and executing 3 rules
Mar 23 14:47:16 [hostname] systemd[1]: Started Authorization Manager.
Mar 23 14:47:16 [hostname] polkitd[2186]: Acquired the name org.freedesktop.PolicyKit1 on the system bus
Mar 23 14:47:16 [hostname] polkitd[2186]: Registered Authentication Agent for unix-process:2181:6445595 (system bus name :1.145 [/usr/bin/pkttyagent ...US.UTF-8)
Mar 23 14:47:16 [hostname] polkitd[2186]: Unregistered Authentication Agent for unix-process:2181:6445595 (system bus name :1.145, object path /org/f...from bus)
Mar 23 14:47:40 [hostname] polkitd[2186]: Registered Authentication Agent for unix-process:2216:6448064 (system bus name :1.147 [/usr/bin/pkttyagent ...US.UTF-8)
Mar 23 14:47:40 [hostname] polkitd[2186]: Unregistered Authentication Agent for unix-process:2216:6448064 (system bus name :1.147, object path /org/f...from bus)
Mar 23 14:47:55 [hostname] polkitd[2186]: Registered Authentication Agent for unix-process:2234:6449521 (system bus name :1.148 [/usr/bin/pkttyagent ...US.UTF-8)
Mar 23 14:47:55 [hostname] polkitd[2186]: Unregistered Authentication Agent for unix-process:2234:6449521 (system bus name :1.148, object path /org/f...from bus)
Hint: Some lines were ellipsized, use -l to show in full.

Layanan polkitd dengan info debug:

# /usr/lib/polkit-1/polkitd
Successfully changed to user polkitd
14:55:06.874: Loading rules from directory /etc/polkit-1/rules.d
14:55:06.874: Loading rules from directory /usr/share/polkit-1/rules.d
14:55:06.875: Finished loading, compiling and executing 3 rules
Entering main event loop
Connected to the system bus
14:55:06.876: Lost the name org.freedesktop.PolicyKit1 - exiting
Shutting down
Exiting with code 0

Catatan :Direkomendasikan untuk me-reboot node setelah perubahan dan memverifikasi sistem bahwa sistem akan berjalan tanpa masalah.