pkexec

pkexec

pkexec is part of the PolicyKit (now PolKit) system. Like the other -kits, it was developed by Red Hat and FreeDesktop.org, and like the other -kits I’m not very fond of it. The goal of all of these packages was to replace traditional pipe-oriented IPC with dbus, and boy were they successful, to the extent that they’re now moving dbus into the kernel because the userland version can’t handle all of the traffic (well, it can handle the traffic fine; it can’t handle all the marshalling and unmarshalling of data — of course XML encoding and decoding should be in Ring 0, graybeard, stop complaining).

pkexec is roughly the replacement for sudo: it allows Alice to run a command in Bob’s security context. In the simplest uses, this means running the command under Bob’s userid, but since FreeDesktop loves to make everything a Swiss Army Knife, it can get more complicated. (See the man page, particularly the dozens of lines of XML that follow the sentence “simply write a policy file such as this:”. Compare this to sudoers or doas.conf. Cry.)

Really, there are only two ways for an unprivileged user to run a privileged command: either a setuid executable, or a privileged daemon that acts on the user’s behalf. Sudo is an example of the first, and pkexec is an example of the second. The daemon is polkitd, which runs as root and passes out privileged processes to users when they request them.

Most of the complexity is in the XML, which I’m going to leave alone for now; the only command-line option that matters is –user, to specify the account to run as (defaults to root).

Leave a Reply

Your email address will not be published. Required fields are marked *