Current File : //proc/self/root/kunden/usr/share/gtk-doc/html/polkit-1/pkcheck.1.html

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>pkcheck: polkit Reference Manual</title>
<meta name="generator" content="DocBook XSL Stylesheets Vsnapshot">
<link rel="home" href="index.html" title="polkit Reference Manual">
<link rel="up" href="manpages.html" title="Part V. Manual Pages">
<link rel="prev" href="polkitd.8.html" title="polkitd">
<link rel="next" href="pkaction.1.html" title="pkaction">
<meta name="generator" content="GTK-Doc V1.33.1 (XML mode)">
<link rel="stylesheet" href="style.css" type="text/css">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="5"><tr valign="middle">
<td width="100%" align="left" class="shortcuts"></td>
<td><a accesskey="h" href="index.html"><img src="home.png" width="16" height="16" border="0" alt="Home"></a></td>
<td><a accesskey="u" href="manpages.html"><img src="up.png" width="16" height="16" border="0" alt="Up"></a></td>
<td><a accesskey="p" href="polkitd.8.html"><img src="left.png" width="16" height="16" border="0" alt="Prev"></a></td>
<td><a accesskey="n" href="pkaction.1.html"><img src="right.png" width="16" height="16" border="0" alt="Next"></a></td>
</tr></table>
<div class="refentry">
<a name="pkcheck.1"></a><div class="titlepage"></div>
<div class="refnamediv"><table width="100%"><tr>
<td valign="top">
<h2><span class="refentrytitle">pkcheck</span></h2>
<p>pkcheck — Check whether a process is authorized</p>
</td>
<td class="gallery_image" valign="top" align="right"></td>
</tr></table></div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">pkcheck</code>  [<code class="option">--version</code>] [<code class="option">--help</code>]</p></div>
<div class="cmdsynopsis"><p><code class="command">pkcheck</code>  [<code class="option">--list-temp</code>]</p></div>
<div class="cmdsynopsis"><p><code class="command">pkcheck</code>  [<code class="option">--revoke-temp</code>]</p></div>
<div class="cmdsynopsis"><p><code class="command">pkcheck</code>   
        <code class="option">--action-id</code>
        <em class="replaceable"><code>action</code></em>
        { 
          <code class="option">--process</code>
           { 
              <em class="replaceable"><code>pid</code></em>
              |   
              <em class="replaceable"><code>pid,pid-start-time</code></em>
              |   
              <em class="replaceable"><code>pid,pid-start-time,uid</code></em>
             }
          |   
          <code class="option">--system-bus-name</code>
          <em class="replaceable"><code>busname</code></em>
         } [ 
          <code class="option">--allow-user-interaction</code>
         ] [ 
          <code class="option">--enable-internal-agent</code>
         ] [ 
          <code class="option">--detail</code>
          <em class="replaceable"><code>key</code></em>
          <em class="replaceable"><code>value</code></em>
         ...]</p></div>
</div>
<div class="refsect1">
<a name="pkcheck-descsription"></a><h2>DESCRIPTION</h2>
<p>
      <span class="command"><strong>pkcheck</strong></span> is used to check whether a process, specified by
      either <code class="option">--process</code> (see below) or <code class="option">--system-bus-name</code>,
      is authorized for <em class="replaceable"><code>action</code></em>. The <code class="option">--detail</code>
      option can be used zero or more times to pass details about <em class="replaceable"><code>action</code></em>.
      If <code class="option">--allow-user-interaction</code> is passed, <span class="command"><strong>pkcheck</strong></span> blocks
      while waiting for authentication.
    </p>
<p>
      The invocation <span class="command"><strong>pkcheck --list-temp</strong></span> will list
      all temporary authorizations for the current session and
      <span class="command"><strong>pkcheck --revoke-temp</strong></span> will revoke all
      temporary authorizations for the current session.
    </p>
<p>
      This command is a simple wrapper around the polkit D-Bus interface; see the
      D-Bus interface documentation for details.
    </p>
</div>
<div class="refsect1">
<a name="pkcheck-return-value"></a><h2>RETURN VALUE</h2>
<p>
      If the specified process is
      authorized, <span class="command"><strong>pkcheck</strong></span> exits with a return value
      of 0. If the authorization result contains any details, these
      are printed on standard output as key/value pairs using
      environment style reporting, e.g. first the key followed by a an equal sign, then the
      value followed by a newline.
</p>
<pre class="programlisting">
KEY1=VALUE1
KEY2=VALUE2
KEY3=VALUE3
...</pre>
<p>
      Octets that are not in [a-zA-Z0-9_] are escaped using octal codes prefixed
      with <span class="emphasis"><em>\</em></span>.
      For example, the UTF-8 string <span class="emphasis"><em>føl,你好</em></span> will be printed
      as <span class="emphasis"><em>f\303\270l\54\344\275\240\345\245\275</em></span>.
    </p>
<p>
      If the specified process is not
      authorized, <span class="command"><strong>pkcheck</strong></span> exits with a return value
      of 1 and a diagnostic message is printed on standard error. Details
      are printed on standard output.
    </p>
<p>
      If the specified process is not
      authorized because no suitable authentication agent is available or if the
      <code class="option">--allow-user-interaction</code> wasn't passed, <span class="command"><strong>pkcheck</strong></span>
      exits with a return value of 2 and a diagnostic message is printed on standard error.
      Details are printed on standard output.
    </p>
<p>
      If the specified process is not authorized because the
      authentication dialog / request was dismissed by the user,
      <span class="command"><strong>pkcheck</strong></span> exits with a return value of 3 and a
      diagnostic message is printed on standard error.  Details are
      printed on standard output.
    </p>
<p>
      If an error occurred while checking for authorization, <span class="command"><strong>pkcheck</strong></span> exits
      with a return value of 127 with a diagnostic message printed on standard error.
    </p>
<p>
      If one or more of the options passed are malformed, <span class="command"><strong>pkcheck</strong></span> exits
      with a return value of 126. If stdin is a tty, then this manual page is also shown.
    </p>
</div>
<div class="refsect1">
<a name="pkcheck-notes"></a><h2>NOTES</h2>
<p>
      Do not use either the bare <em class="replaceable"><code>pid</code></em> or
      <em class="replaceable"><code>pid,start-time</code></em> syntax forms for
      <code class="option">--process</code>.  There are race conditions in both.
      New code should always use
      <em class="replaceable"><code>pid,pid-start-time,uid</code></em>.  The value of
      <em class="replaceable"><code>start-time</code></em> can be determined by
      consulting e.g. the
      <span class="citerefentry"><span class="refentrytitle">proc</span>(5)</span>
      file system depending on the operating system.  If fewer than 3
      arguments are passed, <span class="command"><strong>pkcheck</strong></span> will attempt to
      look up them up internally, but note that this may be racy.
    </p>
<p>
      If your program is a daemon with e.g. a custom Unix domain
      socket, you should determine the <em class="replaceable"><code>uid</code></em>
      parameter via operating system mechanisms such as
      <code class="literal">PEERCRED</code>.
    </p>
</div>
<div class="refsect1">
<a name="pkcheck-auth-agent"></a><h2>AUTHENTICATION AGENT</h2>
<p>
      <span class="command"><strong>pkcheck</strong></span>, like any other polkit
      application, will use the authentication agent registered for
      the process in question. However, if no authentication agent is
      available, then <span class="command"><strong>pkcheck</strong></span> can register its own
      textual authentication agent if the option
      <code class="option">--enable-internal-agent</code> is passed.
    </p>
</div>
<div class="refsect1">
<a name="pkcheck-author"></a><h2>AUTHOR</h2>
<p>
      Written by David Zeuthen <code class="email">&lt;<a class="email" href="mailto:davidz@redhat.com">davidz@redhat.com</a>&gt;</code> with
      a lot of help from many others.
    </p>
</div>
<div class="refsect1">
<a name="pkcheck-bugs"></a><h2>BUGS</h2>
<p>
      Please send bug reports to either the distribution or the
      polkit-devel mailing list,
      see the link <a class="ulink" href="http://lists.freedesktop.org/mailman/listinfo/polkit-devel" target="_top">http://lists.freedesktop.org/mailman/listinfo/polkit-devel</a>
      on how to subscribe.
    </p>
</div>
<div class="refsect1">
<a name="pkcheck-see-also"></a><h2>SEE ALSO</h2>
<p>
      <a class="link" href="polkit.8.html" title="polkit"><span class="citerefentry"><span class="refentrytitle">polkit</span>(8)</span></a>,
      <a class="link" href="polkitd.8.html" title="polkitd"><span class="citerefentry"><span class="refentrytitle">polkitd</span>(8)</span></a>,
      <a class="link" href="pkaction.1.html" title="pkaction"><span class="citerefentry"><span class="refentrytitle">pkaction</span>(1)</span></a>,
      <a class="link" href="pkexec.1.html" title="pkexec"><span class="citerefentry"><span class="refentrytitle">pkexec</span>(1)</span></a>,
      <a class="link" href="pkttyagent.1.html" title="pkttyagent"><span class="citerefentry"><span class="refentrytitle">pkttyagent</span>(1)</span></a>
    </p>
</div>
</div>
<div class="footer">
<hr>Generated by GTK-Doc V1.33.1</div>
</body>
</html>