pkexec
Execute commands as another user
TLDR
Run command as root
Switch user to root
Run command as a specific user
SYNOPSIS
pkexec [OPTIONS] program [ARGUMENTS...]
PARAMETERS
--version
Show program's version number and exit.
--disable-internal-agent
Disable the internal PolicyKit authentication agent (if any).
--user username
The user the program should be executed as. Defaults to root.
program
The full path to the program to be executed.
ARGUMENTS...
Arguments passed to the program being executed.
DESCRIPTION
pkexec allows an authorized user to execute commands as another user, most commonly as the root user. It provides a more controlled and auditable way to elevate privileges than simply using su or sudo in certain environments. It interacts with PolicyKit, a framework for managing privileges. When a user attempts to run a command via pkexec, PolicyKit checks whether the user is authorized to run that specific command. This authorization is determined by PolicyKit rules. Unlike sudo, pkexec doesn't require the user to know the root password; authorization is managed through PolicyKit.
pkexec is commonly used in graphical environments for launching applications that require administrative privileges, such as system configuration tools or package managers. It's important to note that the availability and proper configuration of PolicyKit are crucial for pkexec to function correctly. Misconfigured PolicyKit rules can lead to unintended privilege escalation or denial of access.
CAVEATS
PolicyKit must be properly configured for pkexec to function correctly. Incorrectly configured rules can lead to security vulnerabilities or unexpected behavior. The program specified must be a full path.
POLICYKIT INTERACTION
pkexec heavily relies on PolicyKit for authorization. PolicyKit uses rules defined in files usually located in /etc/polkit-1/rules.d and /usr/share/polkit-1/rules.d to determine if a user is allowed to perform an action. Understanding PolicyKit rules is crucial for managing permissions when using pkexec.
SECURITY CONSIDERATIONS
Because pkexec allows running commands with elevated privileges, it's important to carefully consider the security implications. Only allow trusted programs to be executed with pkexec, and ensure that PolicyKit rules are properly configured to prevent unauthorized access.