1PKCHECK(1)                          pkcheck                         PKCHECK(1)
2
3
4

NAME

6       pkcheck - Check whether a process is authorized
7

SYNOPSIS

9       pkcheck [--version] [--help]
10
11       pkcheck --action-id action
12               {--process { pid | pid,pid-start-time | pid,pid-start-time,uid }
13               | --system-bus-name busname} [--allow-user-interaction]
14               [--detail key value...]
15

DESCRIPTION

17       pkcheck is used to check whether a process, specified by either
18       --process (see below) or --system-bus-name, is authorized for action.
19       The --detail option can be used zero or more times to pass details
20       about action. If --allow-user-interaction is passed, pkcheck blocks
21       while waiting for authentication.
22
23       This command is a simple wrapper around the PolicyKit D-Bus interface;
24       see the D-Bus interface documentation for details.
25

RETURN VALUE

27       If the specified process is authorized, pkcheck exits with a return
28       value of 0. If the authorization result contains any details, these are
29       printed on standard output as key/value pairs using environment style
30       reporting, e.g. first the key followed by a an equal sign, then the
31       value followed by a newline.
32
33           KEY1=VALUE1
34           KEY2=VALUE2
35           KEY3=VALUE3
36           ...
37
38       Octects that are not in [a-zA-Z0-9_] are escaped using octal codes
39       prefixed with \. For example, the UTF-8 string føl,你好 will be printed
40       as f\303\270l\54\344\275\240\345\245\275.
41
42       If the specificied process is not authorized, pkcheck exits with a
43       return value of 1 and a diagnostic message is printed on standard
44       error. Details are printed on standard output.
45
46       If the specificied process is not authorized because no suitable
47       authentication agent is available or if the --allow-user-interaction
48       wasn´t passed, pkcheck exits with a return value of 2 and a diagnostic
49       message is printed on standard error. Details are printed on standard
50       output.
51
52       If an error occured while checking for authorization, pkcheck exits
53       with a return value of 127 with a diagnostic message printed on
54       standard error.
55
56       If one or more of the options passed are malformed, pkcheck exits with
57       a return value of 126. If stdin is a tty, then this manual page is also
58       shown.
59

NOTES

61       Do not use either the bare pid or pid,start-time syntax forms for
62       --process. There are race conditions in both. New code should always
63       use pid,pid-start-time,uid. The value of start-time can be determined
64       by consulting e.g. the proc(5) file system depending on the operating
65       system. If fewer than 3 arguments are passed, pkcheck will attempt to
66       look up them up internally, but note that this may be racy.
67
68       If your program is a daemon with e.g. a custom Unix domain socket, you
69       should determine the uid parameter via operating system mechanisms such
70       as PEERCRED.
71

AUTHOR

73       Written by David Zeuthen davidz@redhat.com with a lot of help from many
74       others.
75

BUGS

77       Please send bug reports to either the distribution or the polkit-devel
78       mailing list, see the link
79       http://lists.freedesktop.org/mailman/listinfo/polkit-devel on how to
80       subscribe.
81

SEE ALSO

83       polkit(8), pkaction(1), pkexec(1)
84
85
86
87polkit                             May 2009                         PKCHECK(1)
Impressum