LinuxCommandLibrary
GitHubF-DroidGoogle Play Store

pkcheck

Check PolicyKit authorization for actions

TLDR

Check authorization
$ pkcheck --action-id [org.freedesktop.action] --process [pid]
copy
Check with user
$ pkcheck --action-id [action] --user [username]
copy
Allow user interaction
$ pkcheck --action-id [action] --process [pid] --allow-user-interaction
copy

SYNOPSIS

pkcheck [options]

DESCRIPTION

pkcheck queries the polkit daemon to determine whether a specific process, user, or D-Bus connection is authorized to perform a given action. It is the standard programmatic entry point for non-graphical authorization checks.

PARAMETERS

-a, --action-id ACTION

The polkit action identifier to authorize against (e.g., org.freedesktop.systemd1.manage-units).
-p, --process PID[,START-TIME,UID]
Authorize the named process. Supplying start-time and uid closes a TOCTOU window where a PID can be reused.
-u, --user USER
Authorize as a specific user (only callable by root).
-s, --system-bus-name NAME
Authorize the D-Bus connection identified by NAME.
--allow-user-interaction
Permit polkit to prompt the user via the registered authentication agent.
--enable-internal-agent
Use a built-in text-mode agent when no graphical agent is registered (useful in TTY scripts).
--detail KEY VALUE
Pass extra detail key/value pairs to the polkit policy (used by some action rules).
--help
Display help.

EXIT STATUS

CodeMeaning
0Authorization granted.
1Not authorized.
2Help shown / invocation error.
3Authentication is required but --allow-user-interaction was not given.
Scripts can branch on these codes to decide whether to escalate via pkexec or skip the operation.

CAVEATS

Part of PolicyKit. Requires polkitd running.

HISTORY

pkcheck is part of PolicyKit for checking authorization policies.

SEE ALSO

pkaction(1), pkexec(1), polkit(8)

Copied to clipboard
Kai