Man Linux: Main Page and Category List

NAME

       pkcheck - Check whether a process is authorized

SYNOPSIS

       pkcheck [--version] [--help]

       pkcheck --action-id action {--process { pid | pid,pid-start-time } |
               --system-bus-name busname} [--allow-user-interaction]
               [--detail key value...]

DESCRIPTION

       pkcheck is used to check whether a process, specified by either
       --process or --system-bus-name, is authorized for action. The --detail
       option can be used zero or more times to pass details about action. If
       --allow-user-interaction is passed, pkcheck blocks while waiting for
       authentication.

       This command is a simple wrapper around the PolicyKit D-Bus interface;
       see the D-Bus interface documentation for details.

RETURN VALUE

       If the specified process is authorized, pkcheck exits with a return
       value of 0. If the authorization result contains any details, these are
       printed on standard output as key/value pairs using environment style
       reporting, e.g. first the key followed by a an equal sign, then the
       value followed by a newline.

           KEY1=VALUE1
           KEY2=VALUE2
           KEY3=VALUE3
           ...

       Octects that are not in [a-zA-Z0-9_] are escaped using octal codes
       prefixed with \. For example, the UTF-8 string fl, will be printed as
       f\303\270l\54\344\275\240\345\245\275.

       If the specificied process is not authorized, pkcheck exits with a
       return value of 1 and a diagnostic message is printed on standard
       error. Details are printed on standard output.

       If the specificied process is not authorized because no suitable
       authentication agent is available or if the --allow-user-interaction
       wasn't passed, pkcheck exits with a return value of 2 and a diagnostic
       message is printed on standard error. Details are printed on standard
       output.

       If an error occured while checking for authorization, pkcheck exits
       with a return value of 127 with a diagnostic message printed on
       standard error.

       If one or more of the options passed are malformed, pkcheck exits with
       a return value of 126. If stdin is a tty, then this manual page is also
       shown.

NOTES

       Since process identifiers can be recycled, the caller should always use
       pid,pid-start-time to specify the process to check for authorization
       when using the --process option. The value of pid-start-time can be
       determined by consulting e.g. the proc(5) file system depending on the
       operating system. If only pid is passed to the --process option, then
       pkcheck will look up the start time itself but note that this may be
       racy.

AUTHOR

       Written by David Zeuthen davidz@redhat.com with a lot of help from many
       others.

BUGS

       Please send bug reports to either the distribution or the polkit-devel
       mailing list, see the link
       http://lists.freedesktop.org/mailman/listinfo/polkit-devel on how to
       subscribe.

SEE ALSO

       polkit(8), pkaction(1), pkexec(1)