Physical Address

304 North Cardinal St.
Dorchester Center, MA 02124

Unable to register authentication agent. Cannot determine user of subject Error registering authentication agent.

We’re running Atomicorp’s Workload Security, previous known as Atomic Secure Linux, and have started getting the following error whenever we restart any service.

** (pkttyagent:112415): WARNING **: 12:49:43.934: Unable to register authentication agent: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Cannot determine user of subject
Error registering authentication agent: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Cannot determine user of subject (polkit-error-quark, 0)

We’re not sure what triggered this, but we started getting this error on the latest version of CentOS (7.9) and on Atomicorp’s kernel.

It seems the polkit user doesn’t have procread privileges. The fix seems to be as simple as adding the polkit user to the procread group.

Note: The procread group needs to have a GID of 1001, otherwise the following commands will not work. To find out, issue the following at the terminal:

cat /etc/group | grep "procread"

This is what we got on our server:

[root@CentOS-78-64-minimal php]# cat /etc/group | grep "proc"
procread:x:1001:tortix

In our case, the procread user does in fact have a GID of 1001 so we’ll issue the following commands:

usermod -a -G procread polkitd
service polkit restart

If procread does not have the GID 1001 on your server then you’ll have to find which group does and add polkit to that group. To do this, issue the following:

cat /etc/group | grep "1001"

This should give you the name of the group with the GID 1001. The fix would then become:

usermod -a -G <group name> polkitd
service polkit restart

Where <group name> would be the name of the group with the GID 1001.

That’s it!