#PolicyKit

Sam Lehman :nixos:Lehmanator@fosstodon.org
2025-01-14

Enabling an auth method shouldn't prevent you from using others, but if you enable fingerprint auth via #fprintd, privilege escalation commands like #sudo don't let you use a password anymore to authorize actions; you must use a fingerprint (until the fingerprint request times out)

#PolicyKit dialogs show a useless "Authenticate" button that never actually gets clicked, but not a password entry textbox (until after fingerprint auth fails)

The UI is already there, just show it!

GNOME auth dialog displaying a password entry textbox after fingerprint auth fails.The default GNOME auth dialog when fprintd is enabled. Shows a title, description with the command seeking auth, my profile picture, directions asking the user to scan a fingerprint, and buttons labeled "Cancel" & "Authenticate" without showing a password entry textbox.
Elias Probsteliasp
2023-05-16

@Hemera any chances you're talking about ? 😅

2023-05-16

@eliasp @rust_discussions #PolicyKit used to be quite the obtusely documented mess. Has that improved?

All the JS-based rules stuff seems to still have no documentation in Debian (even with policykit-1-doc installed) beyond the default rules (if you count that as docs).

Elias Probsteliasp
2023-05-12

@rust_discussions none of my systems has - and never had.
"Back in the days", I just used "su", nowadays most applications use to get elevated privileges for a specific operation and in case I need a full shell, "machinectl shell .host" (aliased to "msh" here) provides a proper (not just subprocess-spawned) session incl. a DBus and systemd user-session.

lj·rk @WHY2025ljrk@todon.eu
2023-03-28

Do any #GNOME folx know why polkit-gnome gitlab.gnome.org/Archive/polic got archived and is considered "legacy" now? What is "the way" to have graphical applications ask for rights through #PolKit #PolicyKit?

2022-12-31

After switching from Bitwarden to 1Password this week, I couldn't figure out how to get Linux system authentication working between the CLI tool and the 1Password application.

As with most things, it was:

🤦‍♂️ My fault
🤏 A one-line fix

#1password #policykit #i3wm

major.io/p/1password-cli-lxpol

Hannes Grasseggerhnsgr@mstdn.social
2022-11-14

Proposing 3 steps to@solve the #ContentModeration issue on #Mastodon.

Step 1) Create rules for your instance. Easiest is to do it yourself.

Best is to create a policy with your community, and set up a democratic process for it.
Here is how joinmastodon.org/covenant

Hey, you are founding a state. Write a constitution. You could ask @axz – she’s built tools like #PolicyKit. policykit.org Another great resource is metagov.org

Elias Probsteliasp
2022-08-31

@aral the fact, that "list-machines" provides output is most likely the inconsistency here, as machines are also global.
The difference between 's "--system" and "--user" mode is, whether something is managed within a user's resources and/or session, like user units/services running within a user's login/desktop session.
This has nothing to do with a users permissions to control services in the system context, for which privileges are granted via through

Axel ⌨🐧🐪🚴😷 | R.I.P Natenomxtaran@chaos.social
2022-05-27

@debacle @xpac: #pkexec alleine ist schon grusig, siehe z.B. CVE-2021-4034. Und da dann noch #JavaScript dahinter? 🤮

Gut, dass man auch sehr gut ohne #PolicyKit, #sudo und ähnliche #LPE-anfällige Programme leben kann — auch auf dem #Linux #Desktop.

Fabian (Bocchi) 🏳️‍🌈fabiscafe@mstdn.social
2022-04-15

Does anyone have a nice and simple example of a #python script that involves #policykit / #polkit to ultimately write a file to a root-owned directory?

2022-04-01

Could it be a #policyKit problem ?
I tried to launch system-printer-config as root and it refuses to open a display (even with pkexec).

DansLeRuSH ᴱᶰdanslerush@fosstodon.org
2022-01-26

« #Security company Qualys has uncovered a truly dangerous memory corruption #vulnerability in polkit's pkexec, CVE-2021-4034. #Polkit, formerly known as #PolicyKit, is a #systemd SUID-root program. It's installed by default in every major #Linux distribution. » ⚠️ zdnet.com/article/major-linux-

syd 💕pl
2019-05-07

Is there anyone who has experience with ​://session multi-user limits separation via ?

I'd like to give multiple users access to a host so they can start/stop/reinstall their n-vms with n-features.

2019-02-03

#PolicyKit: "Authorization rules are defined in JavaScript .rules"

wiki.archlinux.org/index.php/P

Ohhohhh Whyyy ?

youtube.com/watch?v=HG7I4oniOy

Client Info

Server: https://mastodon.social
Version: 2025.07
Repository: https://github.com/cyevgeniy/lmst