PolicyKit Reference Manual |
---|
pkcheckpkcheck — Check whether a process is authorized |
Synopsis
pkcheck
[--version
] [--help
]
pkcheck
--action-id
action
{
--process
{
pid
|
pid,pid-start-time
}
|
--system-bus-name
busname
} [
--allow-user-interaction
] [
--detail
key
value
...]
DESCRIPTION
pkcheck is used to check whether a process, specified by
either --process
or --system-bus-name
,
is authorized for action
. The --detail
option can be used zero or more times to pass details about action
.
If --allow-user-interaction
is passed, pkcheck blocks
while waiting for authentication.
This command is a simple wrapper around the PolicyKit D-Bus interface; see the D-Bus interface documentation for details.
RETURN VALUE
If the specified process is authorized, pkcheck exits with a return value of 0. If the authorization result contains any details, these are printed on standard output as key/value pairs using environment style reporting, e.g. first the key followed by a an equal sign, then the value followed by a newline.
KEY1=VALUE1 KEY2=VALUE2 KEY3=VALUE3 ...
Octects that are not in [a-zA-Z0-9_] are escaped using octal codes prefixed with \. For example, the UTF-8 string føl,你好 will be printed as f\303\270l\54\344\275\240\345\245\275.
If the specificied process is not authorized, pkcheck exits with a return value of 1 and a diagnostic message is printed on standard error. Details are printed on standard output.
If the specificied process is not
authorized because no suitable authentication agent is available or if the
--allow-user-interaction
wasn't passed, pkcheck
exits with a return value of 2 and a diagnostic message is printed on standard error.
Details are printed on standard output.
If an error occured while checking for authorization, pkcheck exits with a return value of 127 with a diagnostic message printed on standard error.
If one or more of the options passed are malformed, pkcheck exits with a return value of 126. If stdin is a tty, then this manual page is also shown.
NOTES
Since process identifiers can be recycled, the caller should always use
pid,pid-start-time
to specify the process
to check for authorization when using the --process
option.
The value of pid-start-time
can be determined by consulting e.g. the
proc(5)
file system depending on the operating system. If only pid
is passed to the --process
option, then pkcheck
will look up the start time itself but note that this may be racy.
BUGS
Please send bug reports to either the distribution or the polkit-devel mailing list, see the link http://lists.freedesktop.org/mailman/listinfo/polkit-devel on how to subscribe.