Translation(s): Italiano

(!) ?Discussion


Screenshot
policykit-gnome

PolicyKit is an application-level toolkit for defining and handling the policy that allows unprivileged processes to speak to privileged processes, in order to grant some user the right to perform some tasks in some situations. It is sometimes referred to as "the sudo of systemd".

While PolicyKit has been replaced by polkit (which rewrote system component, breaking backwards compatibility) in many distributions, Debian continues to use PolicyKit from wheezy through to buster.

Sample uses:

As opposed to previous mechanisms used in GUI, PolicyKit, is a centralized place to define and enforce that policy.

For a general introduction, read http://lwn.net/Articles/258592/ or polkit(8)'s man page.

ToDo: explain how it works.

Configuration

Policies installed locally should be installed to /etc/polkit-1/localauthority/.

While modern examples of polkit typically demonstrate the use of javascript rules, PolicyKit does not support this and instead relies on the use of *.conf and *.pkla files. See pklocalauthority(8)'s man page for details.

Examples

To allow users of group somegroup to manage systemd services, create /etc/polkit-1/localauthority/50-local.d/manage-units.pkla with the following content:

[Allow users to manage services]
Identity=unix-group:somegroup
Action=org.freedesktop.systemd1.manage-units
ResultActive=yes

This is PolicyKit's equivalent of the following polkit rule which would be found at /etc/polkit-1/rules.d/50-manage-units.rules:

polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.systemd1.manage-units"
        && subject.isInGroup("somegroup") )
    {
        return polkit.Result.YES;
    }
});

See also


CategorySystemAdministration