问题

在 CentOS/RHEL 7 和 8 中， 无法启动 polkitd 服务，这反过来也会影响其他服务。

# systemctl restart polkit
** (pkttyagent:32189): WARNING **: 13:59:48.884: Unable to register authentication agent: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.freedesktop.PolicyKit1 was not provided by any .service files
Error registering authentication agent: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.freedesktop.PolicyKit1 was not provided by any .service files (g-dbus-error-quark, 2)
Job for polkit.service failed because the control process exited with error code. See "systemctl status polkit.service" and "journalctl -xe" for details.

# systemctl status polkit
● polkit.service - Authorization Manager
   Loaded: loaded (/usr/lib/systemd/system/polkit.service; static; vendor preset: enabled)
   Active: failed (Result: exit-code) since Sat 2019-03-23 13:59:48 IST; 4min 13s ago
     Docs: man:polkit(8)
  Process: 32193 ExecStart=/usr/lib/polkit-1/polkitd --no-debug (code=exited, status=1/FAILURE)
 Main PID: 32193 (code=exited, status=1/FAILURE)
Mar 23 13:59:48 [hostname] systemd[1]: Starting Authorization Manager...
Mar 23 13:59:48 [hostname] systemd[1]: polkit.service: main process exited, code=exited, status=1/FAILURE
Mar 23 13:59:48 [hostname] systemd[1]: Failed to start Authorization Manager.
Mar 23 13:59:48 [hostname] systemd[1]: Unit polkit.service entered failed state.
Mar 23 13:59:48 [hostname] systemd[1]: polkit.service failed.

解决方案

此问题是由 polkit 相关文件和目录的权限不正确引起的。
Polkit 用于控制系统范围的权限。
它为非特权进程与特权进程通信提供了一种有组织的方式。
与 sudo 等系统相比，它不会向整个进程授予 root 权限，而是允许对集中式系统策略进行更精细的控制。

1. 确保 polkitd 用户和组存在，如果没有，请尝试重新安装 RPM：

# getent passwd polkitd
polkitd:x:999:997:User for polkitd:/:/sbin/nologin
# getent group polkitd
polkitd:x:997:

2. 重置 polkit 和 polkit-pkla-compat 包提供的所有文件的权限和用户/组所有权：

# rpm -Va polkit
# rpm --setugids polkit polkit-pkla-compat
# rpm --setperms polkit polkit-pkla-compat

3. 再次检查是否再次面临问题。
   如果是这样，请尝试重新安装/更新 RPM 到最新版本：

# yum reinstall polkit

4.验证dbus服务状态，如果禁用重启服务：

#  systemctl status dbus

Mar 23 14:07:50 [hostname] dbus-daemon[13721]: Unable to reload configuration: Failed to open "/usr/share/dbus-1/system.conf": Permission denied
Mar 23 14:07:50 [hostname] dbus[13721]: [system] Unable to reload configuration: Failed to open "/usr/share/dbus-1/system.conf": Permission denied

上面的服务已经启动，但是权限被拒绝是由于polkitd服务没有激活。

5. 使用调试选项运行 polkitd 服务：

# /usr/lib/polkit-1/polkitd
Error switcing to user polkitd: Error changing to home directory /: Permission denied <<<
Exiting with code 1

看到的错误是由于 polkitd 用户无法切换主目录。
验证主目录：

# cat /etc/passwd |grep polkitd
polkitd:x:999:998:User for polkitd:/:/sbin/nologin

可以看到home目录是“/”，验证/tmp、/home、/etc、/var、/bin、/run和/的权限

# ls -l /
total 32
lrwxrwxrwx.   1 root root    7 Jan  2 20:11 bin -> usr/bin
dr-xr-xr-x.   4 root root 4096 Mar 22 20:54 boot
drwxr-xr-x.  87 root root 8192 Mar 23 14:07 etc
drwxr-xr-x.   3 root root   20 Jan  2 23:45 home
lrwxrwxrwx.   1 root root    7 Jan  2 20:11 lib -> usr/lib
lrwxrwxrwx.   1 root root    9 Jan  2 20:11 lib64 -> usr/lib64
dr-xr-x---.   8 root root 4096 Mar 14 21:01 root
drwxr-xr-x.  30 root root 1000 Mar 23 14:07 run
lrwxrwxrwx.   1 root root    8 Jan  2 20:11 sbin -> usr/sbin
drwxr-xr-x.  19 root root 4096 Jan  2 20:19 var

# ls -ld /
drwx------. 17 root root 4096 Jan  2 20:17 /

6. 看到“/”的权限是700而不是555，整改重启服务：

# ls -ld /
drwx------. 17 root root 4096 Jan  2 20:17 /

# chmod 555 /

# ls -ld
dr-xr-xr-x. 17 root root 4096 Jan  2 20:17 .

# systemctl start  polkit
# systemctl status polkit
。。。
Mar 23 14:47:40 [hostname] polkitd[2186]: Registered Authentication Agent for unix-process:2216:6448064 (system bus name :1.147 [/usr/bin/pkttyagent ...US.UTF-8)
Mar 23 14:47:40 [hostname] polkitd[2186]: Unregistered Authentication Agent for unix-process:2216:6448064 (system bus name :1.147, object path /org/f...from bus)
Mar 23 14:47:55 [hostname] polkitd[2186]: Registered Authentication Agent for unix-process:2234:6449521 (system bus name :1.148 [/usr/bin/pkttyagent ...US.UTF-8)
Mar 23 14:47:55 [hostname] polkitd[2186]: Unregistered Authentication Agent for unix-process:2234:6449521 (system bus name :1.148, object path /org/f...from bus)
Hint: Some lines were ellipsized, use -l to show in full.

带有调试信息的 polkitd 服务：

# /usr/lib/polkit-1/polkitd
Successfully changed to user polkitd
14:55:06.874: Loading rules from directory /etc/polkit-1/rules.d
14:55:06.874: Loading rules from directory /usr/share/polkit-1/rules.d
14:55:06.875: Finished loading, compiling and executing 3 rules
Entering main event loop
Connected to the system bus
14:55:06.876: Lost the name org.freedesktop.PolicyKit1 - exiting
Shutting down
Exiting with code 0