PolicyKit

Contents

9.1. Available Policies and Supported Applications
9.2. Authorization Types
9.3. Modifying and Setting Privileges

Abstract

PolicyKit is an application framework that acts as a negotiator between the unprivileged user session and the privileged system context. Whenever a process from the user session tries to carry out an action in the system context, PolicyKit is queried. Based on its configuration—specified in a so-called policy—the answer could be yes, no, or needs authentication. Unlike classical privilege authorization programs such as sudo, PolicyKit does not grant root permissions to an entire process, following the least privilege concept.

Available Policies and Supported Applications

At the moment, not all applications requiring privileges make use of PolicyKit. In the following the most important policies available on openSUSE® are listed.

CUPS
Add, remove, edit, enable or disable printers
Job control
NetworkManager
Modify System Connections
PolicyKit
Read and change privileges for other users
Modify defaults
System
Wake on LAN
Mount or unmount fixed, hotpluggable and encrypted devices
Enable or disable WLAN
Enable or disable Bluetooth
Device access
Stop and restart the system
Modify power management settings
Undock a docking station