Why not have resolve_group() and resolve_user() just return the found ID as the return value, given that not finding one leads to exiting right away through errx()?

I'm all for this change!

This is what we are doing in several other utilities, and we really should do that since for some utilities like chown(8), this is explicitly prescribed by POSIX.

Actually, we should probably have some common utility function for that (not as part of this review).

Whoops; originally I had this return an error (which I didn't want to try to do through a gid_t/uid_t because a lot of our utilities get ported to platform(s) that have signed [gu]id_t types, and (uid_t)-1 is a valid user), but then realized it was silly to not just have them always-succeed or abort. Will fix.

No worries. This isn't a bug (nothing functional), just some slight quality-of-life improvement (eases reviewing).

Forgot this. Calling getgrgid() wasn't present initially, and POSIX's text for chown(8) arguably can be interpreted as saying that any numerical ID is supposed to be accepted as is.

Same in resolve_user().

Hmm, I agree, with the caveat that we also need to range-check it against [UG]ID_MAX if we're not doing a round-trip through the database.

Looking at the spec again and the platform I'm aware of with a signed type, it occurs to me that the assigned negative groups are nobody and nogroup, which make sense to be out of the technically-valid range (which POSIX explicitly describes as positive values)

You're right. This has the unfortunate consequence that some implementation's choice to make nobody/nogroup negative (and thus uid_t/gid_t signed) determines whether this user/group can be accepted, introducing non-portability. This is arguably a flaw in POSIX.