LinuxCommandLibrary

pkexec

Execute commands as another user

TLDR

Run command as root

$ pkexec [command]
copy

Switch user to root
$ pkexec
copy

Run command as a specific user
$ pkexec --user [username] [command]
copy

SYNOPSIS

pkexec [OPTIONS] program [ARGUMENTS...]

PARAMETERS

--version
    Show program's version number and exit.

--disable-internal-agent
    Disable the internal PolicyKit authentication agent (if any).

--user username
    The user the program should be executed as. Defaults to root.

program
    The full path to the program to be executed.

ARGUMENTS...
    Arguments passed to the program being executed.

DESCRIPTION

pkexec allows an authorized user to execute commands as another user, most commonly as the root user. It provides a more controlled and auditable way to elevate privileges than simply using su or sudo in certain environments. It interacts with PolicyKit, a framework for managing privileges. When a user attempts to run a command via pkexec, PolicyKit checks whether the user is authorized to run that specific command. This authorization is determined by PolicyKit rules. Unlike sudo, pkexec doesn't require the user to know the root password; authorization is managed through PolicyKit.

pkexec is commonly used in graphical environments for launching applications that require administrative privileges, such as system configuration tools or package managers. It's important to note that the availability and proper configuration of PolicyKit are crucial for pkexec to function correctly. Misconfigured PolicyKit rules can lead to unintended privilege escalation or denial of access.

CAVEATS

PolicyKit must be properly configured for pkexec to function correctly. Incorrectly configured rules can lead to security vulnerabilities or unexpected behavior. The program specified must be a full path.

POLICYKIT INTERACTION

pkexec heavily relies on PolicyKit for authorization. PolicyKit uses rules defined in files usually located in /etc/polkit-1/rules.d and /usr/share/polkit-1/rules.d to determine if a user is allowed to perform an action. Understanding PolicyKit rules is crucial for managing permissions when using pkexec.

SECURITY CONSIDERATIONS

Because pkexec allows running commands with elevated privileges, it's important to carefully consider the security implications. Only allow trusted programs to be executed with pkexec, and ensure that PolicyKit rules are properly configured to prevent unauthorized access.

SEE ALSO

sudo(8), su(1), polkit(8)

Copied to clipboard