PKCHECK(1) pkcheck PKCHECK(1)
NAME
pkcheck - Check whether a process is authorized
SYNOPSIS
pkcheck [--version] [--help]
pkcheck --action-id action {--process { pid | pid,pid-start-time } | --system-bus-name busname} [--allow-user-interaction]
[--detail key value...]
DESCRIPTION
pkcheck is used to check whether a process, specified by either --process or --system-bus-name, is authorized for action. The --detail
option can be used zero or more times to pass details about action. If --allow-user-interaction is passed, pkcheck blocks while waiting for
authentication.
This command is a simple wrapper around the PolicyKit D-Bus interface; see the D-Bus interface documentation for details.
RETURN VALUE
If the specified process is authorized, pkcheck exits with a return value of 0. If the authorization result contains any details, these are
printed on standard output as key/value pairs using environment style reporting, e.g. first the key followed by a an equal sign, then the
value followed by a newline.
KEY1=VALUE1
KEY2=VALUE2
KEY3=VALUE3
...
Octects that are not in [a-zA-Z0-9_] are escaped using octal codes prefixed with . For example, the UTF-8 string fol, will be printed as
f303270l54344275240345245275.
If the specificied process is not authorized, pkcheck exits with a return value of 1 and a diagnostic message is printed on standard error.
Details are printed on standard output.
If the specificied process is not authorized because no suitable authentication agent is available or if the --allow-user-interaction
wasn't passed, pkcheck exits with a return value of 2 and a diagnostic message is printed on standard error. Details are printed on
standard output.
If an error occured while checking for authorization, pkcheck exits with a return value of 127 with a diagnostic message printed on
standard error.
If one or more of the options passed are malformed, pkcheck exits with a return value of 126. If stdin is a tty, then this manual page is
also shown.
NOTES
Since process identifiers can be recycled, the caller should always use pid,pid-start-time to specify the process to check for
authorization when using the --process option. The value of pid-start-time can be determined by consulting e.g. the proc(5) file system
depending on the operating system. If only pid is passed to the --process option, then pkcheck will look up the start time itself but note
that this may be racy.
AUTHOR
Written by David Zeuthen davidz@redhat.com with a lot of help from many others.
BUGS
Please send bug reports to either the distribution or the polkit-devel mailing list, see the link
http://lists.freedesktop.org/mailman/listinfo/polkit-devel on how to subscribe.
SEE ALSO
polkit(8), pkaction(1), pkexec(1)
polkit May 2009 PKCHECK(1)