There are essentially two ways that a package can modify a file; either
the package contains a file that overwrites the original directly
one of the package's control files preinst or postinst modifies the existing file
If you have already installed the package, then you can check for (1) by looking at its file list e.g.
dpkg -L sudo-ldap | grep nsswitch
If you haven't already installed the package, you can check its contents online at
packages.ubuntu.com or using apt-file if you have installed that
apt-file list sudo-ldap | grep nsswitch
See also How do I find the package that provides a file?
For case (2), if you have already installed the package, you should find its control scripts in /var/lib/dpkg/info/ so for example
grep nsswitch /var/lib/dpkg/info/sudo-ldap.{pre,post}inst
or more generally
grep -l --include=\*.{pre,post}{inst,rm} '/etc/nsswitch.conf' /var/lib/dpkg/info/*
to list all the control files that mention the /etc/nsswitch.conf file. If you want to examine the control files of an uninstalled package, you could do something like
apt download sudo-ldap
ar x sudo-ldap_*.deb
tar xvf control.tar.zst ./postinst
You can then view the file with a pager, or grep within it. In the case of the sudo-ldap package you will likely find the following
$ grep -A3 nsswitch ./postinst
# modify nsswitch.conf if needed
if [ -z "`grep \"^sudoers:\" /etc/nsswitch.conf`" ]
then
echo "sudoers: files ldap" >> /etc/nsswitch.conf
fi
make sure sudoers has the correct permissions and owner/group
postrmscript being run, which didn't make sense to me since the package was/is still present on the system. – N. J Jan 12 '24 at 09:20