man-pages/man1/pkcheck.1.html
2021-03-31 01:06:50 +01:00

213 lines
5.8 KiB
HTML

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Man page of PKCHECK</TITLE>
</HEAD><BODY>
<H1>PKCHECK</H1>
Section: pkcheck (1)<BR>Updated: May 2009<BR><A HREF="#index">Index</A>
<A HREF="/cgi-bin/man/man2html">Return to Main Contents</A><HR>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
pkcheck - Check whether a process is authorized
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>
<DL COMPACT>
<DT id="1">
<B>pkcheck</B> [<B>--version</B>] [<B>--help</B>]
<DT id="2">
<B>pkcheck</B> [<B>--list-temp</B>]
<DT id="3">
<B>pkcheck</B> [<B>--revoke-temp</B>]
<DT id="4">
<B>pkcheck</B> <B>--action-id</B>&nbsp;<I>action</I> {<B>--process</B>&nbsp;{&nbsp;<I>pid</I>&nbsp;|&nbsp;<I>pid,pid-start-time</I>&nbsp;|&nbsp;<I>pid,pid-start-time,uid</I>&nbsp;} | <B>--system-bus-name</B>&nbsp;<I>busname</I>} [<B>--allow-user-interaction</B>] [<B>--enable-internal-agent</B>] [<B>--detail</B>&nbsp;<I>key</I>&nbsp;<I>value</I>...]
</DL>
<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>
<P>
<B>pkcheck</B>
<DD>is used to check whether a process, specified by either
<B>--process</B>
(see below) or
<B>--system-bus-name</B>, is authorized for
<I>action</I>. The
<B>--detail</B>
option can be used zero or more times to pass details about
<I>action</I>. If
<B>--allow-user-interaction</B>
is passed,
<B>pkcheck</B>
blocks while waiting for authentication.
<P>
The invocation
<B>pkcheck --list-temp</B>
will list all temporary authorizations for the current session and
<B>pkcheck --revoke-temp</B>
will revoke all temporary authorizations for the current session.
<P>
This command is a simple wrapper around the PolicyKit D-Bus interface; see the D-Bus interface documentation for details.
<A NAME="lbAE">&nbsp;</A>
<H2>RETURN VALUE</H2>
<P>
If the specified process is authorized,
<B>pkcheck</B>
exits with a return value of 0. If the authorization result contains any details, these are printed on standard output as key/value pairs using environment style reporting, e.g. first the key followed by a an equal sign, then the value followed by a newline.
<P>
<DL COMPACT><DT id="5"><DD>
<PRE>
KEY1=VALUE1
KEY2=VALUE2
KEY3=VALUE3
...
</PRE>
</DL>
<P>
Octects that are not in [a-zA-Z0-9_] are escaped using octal codes prefixed with
<I>\</I>. For example, the UTF-8 string
<I>føl,你好</I>
will be printed as
<I>f\303\270l\54\344\275\240\345\245\275</I>.
<P>
If the specificied process is not authorized,
<B>pkcheck</B>
exits with a return value of 1 and a diagnostic message is printed on standard error. Details are printed on standard output.
<P>
If the specificied process is not authorized because no suitable authentication agent is available or if the
<B>--allow-user-interaction</B>
wasn't passed,
<B>pkcheck</B>
exits with a return value of 2 and a diagnostic message is printed on standard error. Details are printed on standard output.
<P>
If the specificied process is not authorized because the authentication dialog / request was dismissed by the user,
<B>pkcheck</B>
exits with a return value of 3 and a diagnostic message is printed on standard error. Details are printed on standard output.
<P>
If an error occured while checking for authorization,
<B>pkcheck</B>
exits with a return value of 127 with a diagnostic message printed on standard error.
<P>
If one or more of the options passed are malformed,
<B>pkcheck</B>
exits with a return value of 126. If stdin is a tty, then this manual page is also shown.
<A NAME="lbAF">&nbsp;</A>
<H2>NOTES</H2>
<P>
Do not use either the bare
<I>pid</I>
or
<I>pid,start-time</I>
syntax forms for
<B>--process</B>. There are race conditions in both. New code should always use
<I>pid,pid-start-time,uid</I>. The value of
<I>start-time</I>
can be determined by consulting e.g. the
<B><A HREF="/cgi-bin/man/man2html?5+proc">proc</A></B>(5)
file system depending on the operating system. If fewer than 3 arguments are passed,
<B>pkcheck</B>
will attempt to look up them up internally, but note that this may be racy.
<P>
If your program is a daemon with e.g. a custom Unix domain socket, you should determine the
<I>uid</I>
parameter via operating system mechanisms such as
PEERCRED.
<A NAME="lbAG">&nbsp;</A>
<H2>AUTHENTICATION AGENT</H2>
<P>
<B>pkcheck</B>, like any other PolicyKit application, will use the authentication agent registered for the process in question. However, if no authentication agent is available, then
<B>pkcheck</B>
can register its own textual authentication agent if the option
<B>--enable-internal-agent</B>
is passed.
<A NAME="lbAH">&nbsp;</A>
<H2>AUTHOR</H2>
<P>
Written by David Zeuthen
&lt;<A HREF="mailto:davidz@redhat.com">davidz@redhat.com</A>&gt;
with a lot of help from many others.
<A NAME="lbAI">&nbsp;</A>
<H2>BUGS</H2>
<P>
Please send bug reports to either the distribution or the polkit-devel mailing list, see the link
m[blue]<B><A HREF="http://lists.freedesktop.org/mailman/listinfo/polkit-devel">http://lists.freedesktop.org/mailman/listinfo/polkit-devel</A></B>m[]
on how to subscribe.
<A NAME="lbAJ">&nbsp;</A>
<H2>SEE ALSO</H2>
<P>
<B><A HREF="/cgi-bin/man/man2html?8+polkit">polkit</A></B>(8),
<B><A HREF="/cgi-bin/man/man2html?1+pkaction">pkaction</A></B>(1),
<B><A HREF="/cgi-bin/man/man2html?1+pkexec">pkexec</A></B>(1),
<B><A HREF="/cgi-bin/man/man2html?1+pkttyagent">pkttyagent</A></B>(1)
<P>
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT id="6"><A HREF="#lbAB">NAME</A><DD>
<DT id="7"><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT id="8"><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT id="9"><A HREF="#lbAE">RETURN VALUE</A><DD>
<DT id="10"><A HREF="#lbAF">NOTES</A><DD>
<DT id="11"><A HREF="#lbAG">AUTHENTICATION AGENT</A><DD>
<DT id="12"><A HREF="#lbAH">AUTHOR</A><DD>
<DT id="13"><A HREF="#lbAI">BUGS</A><DD>
<DT id="14"><A HREF="#lbAJ">SEE ALSO</A><DD>
</DL>
<HR>
This document was created by
<A HREF="/cgi-bin/man/man2html">man2html</A>,
using the manual pages.<BR>
Time: 00:05:23 GMT, March 31, 2021
</BODY>
</HTML>