polkit

polkit [options]

polkit (PolicyKit) is an authorization framework that allows non-privileged processes to communicate with privileged ones. It provides fine-grained control over system-wide privileges, enabling desktop applications to perform administrative tasks with proper user authorization.Unlike sudo which grants full root access, polkit defines specific actions (like mounting disks or changing network settings) and policies controlling who can perform them. The framework consists of pkexec (execute privileged commands), pkaction (list/inspect actions), and pkcheck (check authorization). The polkitd daemon runs with minimal privileges and communicates over the system message bus.

pkexec

Execute a command as another user with polkit authorization. Defaults to root if no user specified.

List or inspect registered polkit actions and their default policies.

Check whether a process or system bus name is authorized for a given action.

The polkit system daemon that manages authorization decisions. Runs as the polkitd system user.

/usr/share/polkit-1/actions/

System-wide policy action definition files in XML format.

Local authorization rules in JavaScript format (polkit >= 0.106).

Legacy .pkla authorization files for older polkit versions.

Requires the polkitd daemon to be running. Desktop environments typically provide an authentication agent for graphical prompts. See individual command man pages for detailed options.

PolicyKit was created by David Zeuthen at Red Hat for fine-grained authorization control on Linux desktop systems.

pkexec(1), pkaction(1), polkitd(8)