213 lines
5.8 KiB
HTML
213 lines
5.8 KiB
HTML
|
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
|
<HTML><HEAD><TITLE>Man page of PKCHECK</TITLE>
|
|
</HEAD><BODY>
|
|
<H1>PKCHECK</H1>
|
|
Section: pkcheck (1)<BR>Updated: May 2009<BR><A HREF="#index">Index</A>
|
|
<A HREF="/cgi-bin/man/man2html">Return to Main Contents</A><HR>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<A NAME="lbAB"> </A>
|
|
<H2>NAME</H2>
|
|
|
|
pkcheck - Check whether a process is authorized
|
|
<A NAME="lbAC"> </A>
|
|
<H2>SYNOPSIS</H2>
|
|
|
|
<DL COMPACT>
|
|
<DT id="1">
|
|
<B>pkcheck</B> [<B>--version</B>] [<B>--help</B>]
|
|
<DT id="2">
|
|
<B>pkcheck</B> [<B>--list-temp</B>]
|
|
<DT id="3">
|
|
<B>pkcheck</B> [<B>--revoke-temp</B>]
|
|
<DT id="4">
|
|
<B>pkcheck</B> <B>--action-id</B> <I>action</I> {<B>--process</B> { <I>pid</I> | <I>pid,pid-start-time</I> | <I>pid,pid-start-time,uid</I> } | <B>--system-bus-name</B> <I>busname</I>} [<B>--allow-user-interaction</B>] [<B>--enable-internal-agent</B>] [<B>--detail</B> <I>key</I> <I>value</I>...]
|
|
</DL>
|
|
<A NAME="lbAD"> </A>
|
|
<H2>DESCRIPTION</H2>
|
|
|
|
<P>
|
|
|
|
<B>pkcheck</B>
|
|
<DD>is used to check whether a process, specified by either
|
|
<B>--process</B>
|
|
(see below) or
|
|
<B>--system-bus-name</B>, is authorized for
|
|
<I>action</I>. The
|
|
<B>--detail</B>
|
|
option can be used zero or more times to pass details about
|
|
<I>action</I>. If
|
|
<B>--allow-user-interaction</B>
|
|
is passed,
|
|
<B>pkcheck</B>
|
|
blocks while waiting for authentication.
|
|
<P>
|
|
|
|
The invocation
|
|
<B>pkcheck --list-temp</B>
|
|
will list all temporary authorizations for the current session and
|
|
<B>pkcheck --revoke-temp</B>
|
|
will revoke all temporary authorizations for the current session.
|
|
<P>
|
|
|
|
This command is a simple wrapper around the PolicyKit D-Bus interface; see the D-Bus interface documentation for details.
|
|
<A NAME="lbAE"> </A>
|
|
<H2>RETURN VALUE</H2>
|
|
|
|
<P>
|
|
|
|
If the specified process is authorized,
|
|
<B>pkcheck</B>
|
|
exits with a return value of 0. If the authorization result contains any details, these are printed on standard output as key/value pairs using environment style reporting, e.g. first the key followed by a an equal sign, then the value followed by a newline.
|
|
<P>
|
|
<DL COMPACT><DT id="5"><DD>
|
|
|
|
|
|
|
|
<PRE>
|
|
KEY1=VALUE1
|
|
KEY2=VALUE2
|
|
KEY3=VALUE3
|
|
...
|
|
</PRE>
|
|
|
|
</DL>
|
|
|
|
|
|
|
|
|
|
<P>
|
|
Octects that are not in [a-zA-Z0-9_] are escaped using octal codes prefixed with
|
|
<I>\</I>. For example, the UTF-8 string
|
|
<I>føl,你好</I>
|
|
will be printed as
|
|
<I>f\303\270l\54\344\275\240\345\245\275</I>.
|
|
<P>
|
|
|
|
If the specificied process is not authorized,
|
|
<B>pkcheck</B>
|
|
exits with a return value of 1 and a diagnostic message is printed on standard error. Details are printed on standard output.
|
|
<P>
|
|
|
|
If the specificied process is not authorized because no suitable authentication agent is available or if the
|
|
<B>--allow-user-interaction</B>
|
|
wasn't passed,
|
|
<B>pkcheck</B>
|
|
exits with a return value of 2 and a diagnostic message is printed on standard error. Details are printed on standard output.
|
|
<P>
|
|
|
|
If the specificied process is not authorized because the authentication dialog / request was dismissed by the user,
|
|
<B>pkcheck</B>
|
|
exits with a return value of 3 and a diagnostic message is printed on standard error. Details are printed on standard output.
|
|
<P>
|
|
|
|
If an error occured while checking for authorization,
|
|
<B>pkcheck</B>
|
|
exits with a return value of 127 with a diagnostic message printed on standard error.
|
|
<P>
|
|
|
|
If one or more of the options passed are malformed,
|
|
<B>pkcheck</B>
|
|
exits with a return value of 126. If stdin is a tty, then this manual page is also shown.
|
|
<A NAME="lbAF"> </A>
|
|
<H2>NOTES</H2>
|
|
|
|
<P>
|
|
|
|
Do not use either the bare
|
|
<I>pid</I>
|
|
or
|
|
<I>pid,start-time</I>
|
|
syntax forms for
|
|
<B>--process</B>. There are race conditions in both. New code should always use
|
|
<I>pid,pid-start-time,uid</I>. The value of
|
|
<I>start-time</I>
|
|
can be determined by consulting e.g. the
|
|
<B><A HREF="/cgi-bin/man/man2html?5+proc">proc</A></B>(5)
|
|
file system depending on the operating system. If fewer than 3 arguments are passed,
|
|
<B>pkcheck</B>
|
|
will attempt to look up them up internally, but note that this may be racy.
|
|
<P>
|
|
|
|
If your program is a daemon with e.g. a custom Unix domain socket, you should determine the
|
|
<I>uid</I>
|
|
parameter via operating system mechanisms such as
|
|
PEERCRED.
|
|
<A NAME="lbAG"> </A>
|
|
<H2>AUTHENTICATION AGENT</H2>
|
|
|
|
<P>
|
|
|
|
<B>pkcheck</B>, like any other PolicyKit application, will use the authentication agent registered for the process in question. However, if no authentication agent is available, then
|
|
<B>pkcheck</B>
|
|
can register its own textual authentication agent if the option
|
|
<B>--enable-internal-agent</B>
|
|
is passed.
|
|
<A NAME="lbAH"> </A>
|
|
<H2>AUTHOR</H2>
|
|
|
|
<P>
|
|
|
|
Written by David Zeuthen
|
|
<<A HREF="mailto:davidz@redhat.com">davidz@redhat.com</A>>
|
|
with a lot of help from many others.
|
|
<A NAME="lbAI"> </A>
|
|
<H2>BUGS</H2>
|
|
|
|
<P>
|
|
|
|
Please send bug reports to either the distribution or the polkit-devel mailing list, see the link
|
|
m[blue]<B><A HREF="http://lists.freedesktop.org/mailman/listinfo/polkit-devel">http://lists.freedesktop.org/mailman/listinfo/polkit-devel</A></B>m[]
|
|
on how to subscribe.
|
|
<A NAME="lbAJ"> </A>
|
|
<H2>SEE ALSO</H2>
|
|
|
|
<P>
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?8+polkit">polkit</A></B>(8),
|
|
<B><A HREF="/cgi-bin/man/man2html?1+pkaction">pkaction</A></B>(1),
|
|
<B><A HREF="/cgi-bin/man/man2html?1+pkexec">pkexec</A></B>(1),
|
|
<B><A HREF="/cgi-bin/man/man2html?1+pkttyagent">pkttyagent</A></B>(1)
|
|
<P>
|
|
|
|
<HR>
|
|
<A NAME="index"> </A><H2>Index</H2>
|
|
<DL>
|
|
<DT id="6"><A HREF="#lbAB">NAME</A><DD>
|
|
<DT id="7"><A HREF="#lbAC">SYNOPSIS</A><DD>
|
|
<DT id="8"><A HREF="#lbAD">DESCRIPTION</A><DD>
|
|
<DT id="9"><A HREF="#lbAE">RETURN VALUE</A><DD>
|
|
<DT id="10"><A HREF="#lbAF">NOTES</A><DD>
|
|
<DT id="11"><A HREF="#lbAG">AUTHENTICATION AGENT</A><DD>
|
|
<DT id="12"><A HREF="#lbAH">AUTHOR</A><DD>
|
|
<DT id="13"><A HREF="#lbAI">BUGS</A><DD>
|
|
<DT id="14"><A HREF="#lbAJ">SEE ALSO</A><DD>
|
|
</DL>
|
|
<HR>
|
|
This document was created by
|
|
<A HREF="/cgi-bin/man/man2html">man2html</A>,
|
|
using the manual pages.<BR>
|
|
Time: 00:05:23 GMT, March 31, 2021
|
|
</BODY>
|
|
</HTML>
|