pkexec

Run command as root

$ pkexec [command]

$ pkexec

$ pkexec --user [username] [command]

pkexec [--user username] [--disable-internal-agent] [command] [arguments...]

pkexec executes programs as another user with privilege escalation via PolicyKit. Unlike sudo, it integrates with the desktop environment and can show graphical authentication dialogs when available.
Authorization decisions are based on PolicyKit policies, allowing fine-grained control over which users can run which programs with elevated privileges. Actions can be configured to require authentication or be allowed without it.

--user _username_

Run as specified user instead of root

Don't use built-in authentication agent

Keep current working directory

/usr/share/polkit-1/actions/

PolicyKit action definition files controlling authorization rules.

Local authorization rules that override default policies.

Requires polkitd daemon running. Graphical prompt needs authentication agent (often desktop-environment specific). Environment is sanitized by default. Not a drop-in sudo replacement.

pkexec is part of PolicyKit (polkit), developed by David Zeuthen at Red Hat. It provides a modern privilege escalation mechanism that integrates with desktop environments and supports fine-grained authorization policies.

sudo(8), doas(1), run0(1), polkit(8)