Contents
Abstract
PolicyKit is an application framework that acts as a negotiator between the
unprivileged user session and the privileged system context. Whenever a
process from the user session tries to carry out an action in the system
context, PolicyKit is queried. Based on its configuration—specified in a
so-called “policy”—the answer could be
“yes”, “no”, or needs
authentication
. Unlike classical privilege authorization
programs such as sudo, PolicyKit does not grant root
permissions to an
entire process, following the “least privilege” concept.
At the moment, not all applications requiring privileges make use of PolicyKit. In the following the most important policies available on openSUSE® are listed.
Add, remove, edit, enable or disable printers |
Job control |
Modify System Connections |
Read and change privileges for other users |
Modify defaults |
Wake on LAN |
Mount or unmount fixed, hotpluggable and encrypted devices |
Enable or disable WLAN |
Enable or disable Bluetooth |
Device access |
Stop and restart the system |
Modify power management settings |
Undock a docking station |