🌐
Arch Linux Man Pages
man.archlinux.org › man › pkexec.1.en
pkexec(1) — Arch manual pages
The environment that PROGRAM will run it, will be set to a minimal known and safe environment in order to avoid injecting code through LD_LIBRARY_PATH or similar mechanisms. In addition the PKEXEC_UID environment variable is set to the user id of the process invoking pkexec.
🌐
Arch Linux Forums
bbs.archlinux.org › viewtopic.php
[SOLVED] pkexec from Polkit allows any user to gain root privs / System Administration / Arch Linux Forums
February 18, 2025 - I've installed Arch Linux long time ago and have been tried many graphical environments(KDE, GNOME, XFCE, LXDE, Enlightenment, Hyprland, Sway, COSMIC and more). But I never mind about Polkit because always used sudo for my privileged operations and today I found that /usr/bin/pkexec coming with polkit package has SUID-bit installed and has executable bit for everybody
Discussions

use pkexec instead of sudo / su
This repository was archived by the owner on Aug 9, 2019. It is now read-only. ... it would be nice if you could use pkexec instead of sudo or su. it would, when thers an X server ask for passwd with a graphical interface and if youre on a terminall would ask in terminal. More on github.com
🌐 github.com
6
January 20, 2016
Running "pkexec <program>" with Rofi not working
Do you have any polkit clients running? More on reddit.com
🌐 r/archlinux
3
0
July 23, 2025
Pkexec instead of terminal password prompt
A subreddit for the Arch Linux user community for support and useful news. More on reddit.com
🌐 r/archlinux
5
4
August 9, 2021
Pkexec not prompting for password
This software comes with a GUI control panel which may be executed in terminal with sudo /opt/lampp/manager-linux-x64.run. However, I do not wish to load a terminal window every time I want to load the GUI control panel, so some searching led me to Using pkexec on the Arch Linux Wiki. When I fol... More on forum.garudalinux.org
🌐 forum.garudalinux.org
14
0
March 6, 2025
🌐
Arch Linux Forums
bbs.archlinux.org › viewtopic.php
[solved] Using 'pkexec' command instead of 'gksu' / Applications & Desktop Environments / Arch Linux Forums
October 4, 2011 - Most of modern linux DEs forces us to use policykit mechanism. In theory it should allow us to run aplications as another user - so there is no need to use gksu, ktssus or other - any polkit agent is ok (polkit-gnome or lxpolkit). Program pkexec works fine with console apps, but I still can't start any X program.
🌐
GitHub
github.com › archlinuxfr › yaourt › issues › 207
use pkexec instead of sudo / su · Issue #207 · archlinuxfr/yaourt
January 20, 2016 - it would be nice if you could use pkexec instead of sudo or su. it would, when thers an X server ask for passwd with a graphical interface and if youre on a terminall would ask in terminal. you could set easier the rights for userspecifi...
Author   archlinuxfr
🌐
Arch Linux Man Pages
man.archlinux.org › man › ettercap-pkexec.8.en
ettercap-pkexec(8) — Arch manual pages
This launcher depends on policykit-1 and the menu packages, and basically wraps the ettercap binary command with a pkexec action script usually defined on /usr/share/polkit-1/actions/org.pkexec.ettercap.policy, allowing users to directly call ettercap from the desktop or menu launcher with root privileges.
🌐
Reddit
reddit.com › r/archlinux › running "pkexec " with rofi not working
r/archlinux on Reddit: Running "pkexec <program>" with Rofi not working
July 23, 2025 -

I'm trying to run Pamac with sudo using Rofi, I made a .desktop file (which Rofi does recognize) that has the line

Exec=pkexec pamac-manager

I also tried

Exec=pkexec pamac-manager &&

but nothing appears on the screen. When I run the same command from a terminal, the auth appears, I enter my password and then it says

(pamac-manager:2653): Gtk-WARNING **: 15:29:27.002: Failed to open display

but I can open it normally when I use sudo pamac-manager or when I open Add/Remove Software with Rofi, it just can't really be used that way.

I also tried GParted, same thing happens with a .desktop file but when I run it in a terminal like pkexec gparted it works.

This is what my .desktop files look like:
[Desktop Entry]

Name=GParted

Comment=Create, reorganize, and delete disk partitions

Exec=pkexec gparted

Icon=gparted

Terminal=false

Type=Application

Categories=System;Utility;DiskManagement;

🌐
ArchWiki
wiki.archlinux.org › title › Running_GUI_applications_as_root
Privilege elevation for graphical applications - ArchWiki
December 26, 2025 - Trying to run a graphical application as root via su, sudo or pkexec in a Wayland session (e.g.
🌐
Command Not Found
command-not-found.com › pkexec
command-not-found.com – pkexec
curl cmd.cat/pkexec.sh · Debian · apt-get install policykit-1 · Ubuntu · apt-get install policykit-1 · Alpine · apk add polkit · Arch Linux · pacman -S polkit · Kali Linux · apt-get install policykit-1 · CentOS · yum install polkit · Fedora · dnf install polkit ·
Find elsewhere
🌐
BunsenLabs Linux Forums
forums.bunsenlabs.org › viewtopic.php
pkexec on Wayland / Dev Discussions / BunsenLabs Linux Forums
August 23, 2024 - https://wiki.archlinux.org/title/Runnin … sing_xhost · 3) Sudo has an -E option to pass the caller's environment variables to root, which lets it work on Wayland. Add the -H option so HOME is set to /root instead of /home/<user> and it looks as if it might be sort of OK: ... That opens apps like synaptic, gparted or bl-text-editor as root on Wayland. The main annoyance is that you need an open terminal to run it, so menu items are a bit clunky. 4) Pkexec is deliberately made not to pass on environment variables to the target (security, right) so there's no option like -E, but...
🌐
Artix Linux
forum.artixlinux.org › index.php › topic,4598.0.html
pkexec command not working correctly
Topic: pkexec command not working correctly (Read 3181 times) previous topic - next topic
🌐
Rapid7
rapid7.com › db › vulnerabilities › arch-linux-cve-2021-4034
Arch Linux: Privilege escalation (CVE-2021-4034)
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies.
🌐
CodeWeavers
support.codeweavers.com › missingpkexec
Missing pkexec tool - CodeWeavers
The pkexec tool may be needed to run commands as root. On CrossOver 17 and greater, the simplest solution to fix this issue is to run: /path/to/cxoffice/bin/cxfix missingpkexec · Or add --show-all to see how CrossOver would fix it on your platform and others. Alternatively you may try one of the commands below. For 32 & 64-bit Windows applications · Arch Linux : pacman -Syu polkit ·
🌐
Debian
packages.debian.org › search
Debian -- Package Contents Search Results -- pkexec
Limit to a architecture: [amd64] [arm64] [armel] [armhf] [i386] [mips64el] [mipsel] [ppc64el] [riscv64] [s390x] You have searched for paths that end with pkexec in suite trixie, all sections, and all architectures.
🌐
Arch Linux Forums
bbs.archlinux.org › viewtopic.php
pkexec doesn't work properly / Newbie Corner / Arch Linux Forums
I've been struggling trying to make pkexec work and I feel like I've tried everything.
🌐
Arch Linux Forums
bbs.archlinux.org › viewtopic.php
how does arch feel about using pkexec for running guis as root? / Applications & Desktop Environments / Arch Linux Forums
June 2, 2020 - Some time ago I have found solution - use policy kit configuration files (policy or action) which have the option 'allow_gui' enabled. Example of such file can be found in gparted package. According to google, the direct method does not work because by default pkexec does not launch gui apps.
🌐
Linux Mint Forums
forums.linuxmint.com › board index › main edition support › beginner questions
<SOLVED> pkexec polkit - Linux Mint Forums
April 7, 2019 - in arch linux i still make use of gksu. Timeshift for example is opened with gksu instead of pkexec. i like it because it gives me the option to save password and only input it once.
🌐
FreeBSD
forums.freebsd.org › desktop usage › window managers › other window managers
Xfce - "pkexec: authorization could not be obtained" starting cpu-x daemon | The FreeBSD Forums
February 12, 2024 - After a fresh re-install of 14.0-RELEASE and sticking strictly to the quarterly binary package repo, I cannot reproduce the problem with KDE Plasma nor with MATE, but the problem does indeed persist with XFCE. I guess something has gone awry with XFCE's handling of polkit/pkexec events, as evidenced by my issue as well as that detailed in this thread.
🌐
Reddit
reddit.com › r/linux › what does pkexec actually do?
r/linux on Reddit: What does pkexec actually do?
September 7, 2025 -

I just figured out pkexec. What’s the actual point of pkexec when sudo already exists? Does pkexec serve some deeper purpose tied to PolicyKit and GUI app authentication? Can't I use sudo to do the work of pkexec?

Top answer
1 of 6
114
The point is that pkexec uses different mechanisms for authorization and authentication. Authentication is how you prove who you are. Authorization is the rules that determine what you can do. Sudo relies on traditional Unix discretionary access controls for authentication. These consist of your user's UID, GID, and password. So you can configure sudo to authenticate users based on their user, group membership, and/or passwords. Sudo relies on sudoers files for determining authorization. You put in there rules on what commands can be executed as what user, whether they require a password, and so on and so forth. Sudo is most useful in situations were you want to be able to log root access to particular users. Giving sudo access to the command is pretty much the same as granting them root access. Instead of them logging in as root using root's password (which doesn't give you a indication of who they are), they have to execute sudo which creates a log entry that indicates when and who executed a particular command. It isn't really useful in strongly limiting root access since it is usually trivial for a attacker to trick programs into giving them full root access. Thus limiting what commands they can execute is more of just a way to limit accidental foot-shooting. Of course you can use sudo to grant access from one user account to another, but it is less commonly used for that. Pkexec, on the other hand, adds sudo-like CLI features to Polkit (formally known as policykit). The point of polkit is mostly for authentication/authorizing users to communicate between processes. Like if you are on your desktop and you plug in a USB drive... does your user have the right to have the desktop environment automatically mount the drive for you? So when you plug in a USB drive the udev system sends a notification out over DBUS that a drive was plugged in. Your Desktop Environment daemons (KDE or Gnome or whatever) receive the dbus message and then sends a request to udisk daemon running as root to mount the drive on their behalf. Polkit provides the policy mechanism to determine if your user is authorized to perform that action. So it regulates the interact between your DE and udisk. Polkit policies are a lot more fine grained then sudoer rules and can make decisions based on context. Like if you are logged over SSH you can have a different set of rules then if you are logged directly into the machine. This is generally considered a lot more secure then using sudo for mounting because it doesn't require using root to execute commands. Instead you are sending requests to privileged daemons and they decide whether or not to actually perform the action. Pkexec then allows you to use polkit rules instead of sudo for doing sudo-like stuff. You lose a lot of the security benefits, but it does allow people to only have to rely on a single policy source. I don't think that it is very commonly used, though.
2 of 6
31
It uses the desktop's password prompt thingy instead of asking in the terminal like sudo does. I guess it's intended for use with the desktop app launcher where you don't have a terminal.