๐ŸŒ
Policykit
policykit.org
PolicyKit
PolicyKit empowers online community members to concisely author a wide range of governance procedures and automatically carry out those procedures on their home platforms.
component of UNIX systems
PolicyKit-KDEPlasma5.png
Ubuntu logo
Polkit (formerly PolicyKit) is a component for controlling system-wide privileges in Unix-like operating systems. It provides an organized way for non-privileged processes to communicate with privileged ones, allowing a level of control โ€ฆ Wikipedia
Factsheet
polkit
Developers David Zeuthen, Red Hat
Release 0.3
Factsheet
polkit
Developers David Zeuthen, Red Hat
Release 0.3
๐ŸŒ
GitHub
github.com โ€บ polkit-org โ€บ polkit
GitHub - polkit-org/polkit: polkit (formerly PolicyKit) is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes. ยท GitHub
polkit (formerly PolicyKit) is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes. - polkit-org/polkit
Starred by 222 users
Forked by 82 users
Languages ย  C 93.5% | Meson 2.5% | Shell 2.5% | JavaScript 0.9% | Python 0.6% | Perl 0.0%
๐ŸŒ
Debian
wiki.debian.org โ€บ PolicyKit
PolicyKit - Debian Wiki
PolicyKit is an application-level toolkit for defining and handling the policy that allows unprivileged processes to speak to privileged processes, in order to grant some user the right to perform some tasks in some situations.
๐ŸŒ
Wikipedia
en.wikipedia.org โ€บ wiki โ€บ Polkit
Polkit - Wikipedia
1 week ago - Polkit (formerly PolicyKit) is a component for controlling system-wide privileges in Unix-like operating systems. It provides an organized way for non-privileged processes to communicate with privileged ones, allowing a level of control of centralized system policy.
๐ŸŒ
arXiv
arxiv.org โ€บ abs โ€บ 2008.04236
[2008.04236] PolicyKit: Building Governance in Online Communities
August 17, 2020 - When online communities desire other forms of government, such as ones that take many members' opinions into account or that distribute power in non-trivial ways, communities must resort to laborious manual effort. In this paper, we present PolicyKit, a software infrastructure that empowers online community members to concisely author a wide range of governance procedures and automatically carry out those procedures on their home platforms.
๐ŸŒ
ArchWiki
wiki.archlinux.org โ€บ title โ€บ Polkit
polkit - ArchWiki
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" "http://www.freedesktop.org/software/polkit/policyconfig-1.dtd"> <policyconfig> <action id="org.gnome.gparted"> <message>Authentication is required to run the GParted Partition Editor</message> <icon_name>gparted</icon_name> <defaults> <allow_any>auth_admin</allow_any> <allow_inactive>auth_admin</allow_inactive> <allow_active>auth_admin</allow_active> </defaults> <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/gparted</annotate> <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate> </action> </policyconfig>
Find elsewhere
๐ŸŒ
Readthedocs
policykit.readthedocs.io
Welcome to the Docs for PolicyKit! โ€” PolicyKit documentation
PolicyKit empowers online community members to concisely author a wide range of governance procedures and automatically carry out those procedures on their home platforms. Inspired by Nobel economist Elinor Ostrom, weโ€™ve developed a framework that describes governance as a series of actions ...
๐ŸŒ
freedesktop.org
freedesktop.org โ€บ software โ€บ polkit โ€บ docs โ€บ latest โ€บ polkit.8.html
polkit: polkit Reference Manual
The org.freedesktop.policykit.imply annotation (its value is a string containing a space separated list of action identifiers) can be used to define meta actions. The way it works is that if a subject is authorized for an action with this annotation, then it is also authorized for any action ...
๐ŸŒ
freedesktop.org
freedesktop.org โ€บ software โ€บ polkit โ€บ docs โ€บ 0.105 โ€บ polkit.8.html
polkit
PolicyKit provides an authorization API intended to be used by privileged programs (โ€œMECHANISMSโ€) offering service to unprivileged programs (โ€œCLIENTSโ€) through some form of IPC mechanism such as D-Bus or Unix pipes. In this scenario, the mechanism typically treats the client as untrusted.
๐ŸŒ
GitHub
github.com โ€บ lxqt โ€บ lxqt-policykit
GitHub - lxqt/lxqt-policykit: The LXQt PolicyKit agent ยท GitHub
Technically, lxqt-policykit is just a single binary lxqt-policykit-agent which is running as LXQt Module and launching the GUI on demand.
Starred by 41 users
Forked by 21 users
Languages ย  C++ 81.0% | CMake 18.7% | Shell 0.3%
๐ŸŒ
Scarygliders
scarygliders.net โ€บ home โ€บ a brief guide to policykit
A brief guide to PolicyKit - Scarygliders
January 16, 2014 - Like the title suggests, this will be relatively brief โ€“ mostly because Policykit isnโ€™t as difficult to understand as I originally led myself to believe. It all sprang from starting to write about how to get X11rdp/xrdp up and running on your Linux systems.
๐ŸŒ
Readthedocs
policykit.readthedocs.io โ€บ en โ€บ latest โ€บ gettingstarted.html
Installation and Getting Started โ€” PolicyKit documentation
On this page, we will take you through the process of setting up PolicyKit, both for local development and on an Ubuntu server.
๐ŸŒ
SUSE
documentation.suse.com โ€บ sles โ€บ 12-SP5 โ€บ html โ€บ SLES-all โ€บ cha-security-policykit.html
Authorization with Polkit | Security and Hardening Guide | SLES 12 SP5
April 8, 2026 - Polkit (formerly known as PolicyKit) is an application framework that acts as a negotiator between the unprivileged user session and the privileged system context. Whenever a process from the user session tries to carry out an action in the ...
๐ŸŒ
Ubuntu
launchpad.net โ€บ ubuntu โ€บ +source โ€บ policykit-1
policykit-1 package : Ubuntu
1-dev: polkit Authorization API - development files pkexec: run commands as another user with polkit authorization pkexec-dbgsym: debug symbols for pkexec policykit-1-doc: documentation for polkit polkitd: framework for managing administrative policies and privileges polkitd-dbgsym: debug symbols for polkitd
๐ŸŒ
ADMIN Magazine
admin-magazine.com โ€บ Articles โ€บ Assigning-Privileges-with-sudo-and-PolicyKit
Assigning Privileges with sudo and PolicyKit ยป ADMIN Magazine
PolicyKit cleverly works its way around permissions problems and security risks with a completely different approach: If the user klaus wants to install a package, his package manager first asks PolicyKit whether this is a permitted action. PolicyKit can then immediately give klaus the go-ahead or prompt for a password.
Top answer
1 of 3
3

As pointed out by Simรฃo, the unit information is not supplied to polkit by systemd on RHEL 7. One way around the problem is to use pkexec to wrap the call to systemctl. You would need a wrapper script for your specific service, then have the rules apply to pkexec. The users would execute the command

pkexec /path/to/script

and the polkit rule would look something like this:

  polkit.addRule( 
  function(action,subject)
  {
    if ( (action.id == "org.freedesktop.policykit.exec") &&
         (action.lookup("user") == "root") &&
         (action.lookup("program") == "/path/to/script") &&
         (subject.isInGroup("someGroup") ) )
      return polkit.Result.YES;

    return polkit.Result.NOT_HANDLED;
  }
);

In a practical sense, this just re-creates sudo and scripts using the polkit framework. Whether this is "better" than using sudo is a value judgement I'll leave to others.

2 of 3
1

On CentOS7, action does not have access to the unit information. This was introduced on a later systemd version, v226.

https://github.com/systemd/systemd/commit/88ced61bf9673407f4b15bf51b1b408fd78c149d

I was also hit by this. You will need to allow the user to manage all units or go back to the stone age of having shell scripts on sudoers.

Also, I would like to limit non-root users to control this service who are in a specific group e.g. blah. How do I incorporate this into my rule?

Use subject.isInGroup("group").

See:

  • https://wiki.archlinux.org/index.php/Polkit#Authorization_rules
  • https://www.freedesktop.org/software/polkit/docs/latest/polkit.8.html
๐ŸŒ
libvirt
wiki.libvirt.org โ€บ SSHPolicyKitSetup.html
libvirt: Configuring management access via PolicyKit
PolicyKit allows for more flexible, fine grained access control than just granting access to a named unix group.
๐ŸŒ
Gentoo Wiki
wiki.gentoo.org โ€บ wiki โ€บ Polkit
polkit - Gentoo wiki
polkit (formerly PolicyKit) is an authorization API intended to be used by privileged programs (e.g.