Translation(s): Italiano

(!) ?Discussion


PolicyKit is an application-level toolkit for defining and handling the policy that allows unprivileged processes to speak to privileged processes, in order to grant some user the right to perform some tasks in some situations. It is sometimes referred to as "the sudo of systemd".

While PolicyKit has been replaced by polkit (which rewrote system component, breaking backwards compatibility) in many distributions, Debian continues to use PolicyKit from Debian 7 wheezy through Debian 10 buster.

Sample uses:

As opposed to previous mechanisms used in GUI, PolicyKit, is a centralized place to define and enforce that policy.

For a general introduction, read or polkit(8)'s man page.

ToDo: explain how it works.


Policies installed locally should be installed to /etc/polkit-1/localauthority/.

While modern examples of polkit typically demonstrate the use of javascript rules, PolicyKit does not support this and instead relies on the use of *.conf and *.pkla files. See pklocalauthority(8)'s man page for details.


To allow users of group somegroup to manage systemd services, create /etc/polkit-1/localauthority/50-local.d/manage-units.pkla with the following content:

[Allow users to manage services]

This is PolicyKit's equivalent of the following polkit rule which would be found at /etc/polkit-1/rules.d/50-manage-units.rules:

polkit.addRule(function(action, subject) {
    if ( == "org.freedesktop.systemd1.manage-units"
        && subject.isInGroup("somegroup") )
        return polkit.Result.YES;

See also