Initial draft of privilege escalation policy

Matthias Clasen mclasen at
Tue Jan 26 03:40:09 UTC 2010

On Mon, 2010-01-25 at 19:23 -0700, Stephen John Smoogen wrote:
> On Mon, Jan 25, 2010 at 6:29 PM, Adam Williamson <awilliam at> wrote:
> > On Mon, 2010-01-25 at 14:41 -0700, Stephen John Smoogen wrote:
> >
> >> Personally I would prefer if we had just ONE system to do priv
> >> escalation through. I wish there was some 'libsudo' or 'pamsudo' that
> >> applications could go though then I would think your job, app writers
> >> jobs and who knows else would be a lot easier. Either that or a sudod
> >> but thats just crazy land.
> >
> > That's more or less exactly what PolicyKit is supposed to achieve.
> That sounds promising. Does PolicyKit have a Sudo shell level
> replacement that can be used and how does one write rules for it (and
> how does it fit into the general need for auditing everything larger
> than the home user usually ends up needing?)

pkexec is the sudo replacement. see pkexec(1). For the larger picture
and how to write policy for PolicyKit, see polkit(8) and

> [I am writing with a bad headache so I hope the questions are ok]

Hope I didn't make it worse by pointing you at those man pages...

More information about the test mailing list