What are ConsoleKit and PolicyKit? How do they work?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
37
down vote

favorite
7












I've seen that recent GNU/Linux are using ConsoleKit and PolicyKit. What are they for? How do they work?



The best answer should explain what kind of problem each one tries to solve, and how they manage to solve it.



I'm a long-time GNU/Linux user, from a time when such things didn't exist. I've been using Slackware and recently Gentoo. I'm an advanced user/admin/developer, so the answer can (and should!) be as detailed and as accurate as possible. I want to understand how these things work, so I can use them (as an user or as a developer) the best possible way.










share|improve this question



























    up vote
    37
    down vote

    favorite
    7












    I've seen that recent GNU/Linux are using ConsoleKit and PolicyKit. What are they for? How do they work?



    The best answer should explain what kind of problem each one tries to solve, and how they manage to solve it.



    I'm a long-time GNU/Linux user, from a time when such things didn't exist. I've been using Slackware and recently Gentoo. I'm an advanced user/admin/developer, so the answer can (and should!) be as detailed and as accurate as possible. I want to understand how these things work, so I can use them (as an user or as a developer) the best possible way.










    share|improve this question

























      up vote
      37
      down vote

      favorite
      7









      up vote
      37
      down vote

      favorite
      7






      7





      I've seen that recent GNU/Linux are using ConsoleKit and PolicyKit. What are they for? How do they work?



      The best answer should explain what kind of problem each one tries to solve, and how they manage to solve it.



      I'm a long-time GNU/Linux user, from a time when such things didn't exist. I've been using Slackware and recently Gentoo. I'm an advanced user/admin/developer, so the answer can (and should!) be as detailed and as accurate as possible. I want to understand how these things work, so I can use them (as an user or as a developer) the best possible way.










      share|improve this question















      I've seen that recent GNU/Linux are using ConsoleKit and PolicyKit. What are they for? How do they work?



      The best answer should explain what kind of problem each one tries to solve, and how they manage to solve it.



      I'm a long-time GNU/Linux user, from a time when such things didn't exist. I've been using Slackware and recently Gentoo. I'm an advanced user/admin/developer, so the answer can (and should!) be as detailed and as accurate as possible. I want to understand how these things work, so I can use them (as an user or as a developer) the best possible way.







      linux polkit consolekit






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited May 25 '12 at 8:51









      maxschlepzig

      32.5k31135206




      32.5k31135206










      asked Dec 29 '10 at 15:20









      Denilson Sá Maia

      9191814




      9191814




















          1 Answer
          1






          active

          oldest

          votes

















          up vote
          21
          down vote



          accepted










          In short, consolekit is a service which tracks user sessions (i.e. where a user is logged in). It allows switching users without logging out (many user can be logged in on the same hardware at the same time with one user active). It is also used to check if a session is "local" i.e. if a user has direct access to hardware (which may be considered more secure then remote access). ConsoleKit documentation.



          PolicyKit allows fine-tuned capabilities in a desktop environment. Traditionally only a privileged user (root) was allowed to configure network. However while in a server environment it is a reasonable assumption that it would be too limiting to not be allowed to connect to a hotspot on laptop, for example. However you may still not want to give full privileges to this person (like installing programs) or may want to limit options for some people (for example on your children laptops only 'trusted' networks with parental filters can be used). As far as I remember it works like:



          • Program send message to daemon via dbus about action

          • Daemon uses PolicyKit libraries/configuration (in fact PolicyKit daemon) to determine if a user is allowed to perform an action. It may happen that certain conditions must be fulfilled (like entering password or hardware access).

          • Daemon performs action according to it (returns auth error or performs action)

          PolicyKit documentation.



          EDIT currently the ConsoleKit is largely replaced by logind, which is part of systemd, although there is standalone version elogind.






          share|improve this answer






















            Your Answer







            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "106"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            convertImagesToLinks: false,
            noModals: false,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );













             

            draft saved


            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f5220%2fwhat-are-consolekit-and-policykit-how-do-they-work%23new-answer', 'question_page');

            );

            Post as a guest






























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes








            up vote
            21
            down vote



            accepted










            In short, consolekit is a service which tracks user sessions (i.e. where a user is logged in). It allows switching users without logging out (many user can be logged in on the same hardware at the same time with one user active). It is also used to check if a session is "local" i.e. if a user has direct access to hardware (which may be considered more secure then remote access). ConsoleKit documentation.



            PolicyKit allows fine-tuned capabilities in a desktop environment. Traditionally only a privileged user (root) was allowed to configure network. However while in a server environment it is a reasonable assumption that it would be too limiting to not be allowed to connect to a hotspot on laptop, for example. However you may still not want to give full privileges to this person (like installing programs) or may want to limit options for some people (for example on your children laptops only 'trusted' networks with parental filters can be used). As far as I remember it works like:



            • Program send message to daemon via dbus about action

            • Daemon uses PolicyKit libraries/configuration (in fact PolicyKit daemon) to determine if a user is allowed to perform an action. It may happen that certain conditions must be fulfilled (like entering password or hardware access).

            • Daemon performs action according to it (returns auth error or performs action)

            PolicyKit documentation.



            EDIT currently the ConsoleKit is largely replaced by logind, which is part of systemd, although there is standalone version elogind.






            share|improve this answer


























              up vote
              21
              down vote



              accepted










              In short, consolekit is a service which tracks user sessions (i.e. where a user is logged in). It allows switching users without logging out (many user can be logged in on the same hardware at the same time with one user active). It is also used to check if a session is "local" i.e. if a user has direct access to hardware (which may be considered more secure then remote access). ConsoleKit documentation.



              PolicyKit allows fine-tuned capabilities in a desktop environment. Traditionally only a privileged user (root) was allowed to configure network. However while in a server environment it is a reasonable assumption that it would be too limiting to not be allowed to connect to a hotspot on laptop, for example. However you may still not want to give full privileges to this person (like installing programs) or may want to limit options for some people (for example on your children laptops only 'trusted' networks with parental filters can be used). As far as I remember it works like:



              • Program send message to daemon via dbus about action

              • Daemon uses PolicyKit libraries/configuration (in fact PolicyKit daemon) to determine if a user is allowed to perform an action. It may happen that certain conditions must be fulfilled (like entering password or hardware access).

              • Daemon performs action according to it (returns auth error or performs action)

              PolicyKit documentation.



              EDIT currently the ConsoleKit is largely replaced by logind, which is part of systemd, although there is standalone version elogind.






              share|improve this answer
























                up vote
                21
                down vote



                accepted







                up vote
                21
                down vote



                accepted






                In short, consolekit is a service which tracks user sessions (i.e. where a user is logged in). It allows switching users without logging out (many user can be logged in on the same hardware at the same time with one user active). It is also used to check if a session is "local" i.e. if a user has direct access to hardware (which may be considered more secure then remote access). ConsoleKit documentation.



                PolicyKit allows fine-tuned capabilities in a desktop environment. Traditionally only a privileged user (root) was allowed to configure network. However while in a server environment it is a reasonable assumption that it would be too limiting to not be allowed to connect to a hotspot on laptop, for example. However you may still not want to give full privileges to this person (like installing programs) or may want to limit options for some people (for example on your children laptops only 'trusted' networks with parental filters can be used). As far as I remember it works like:



                • Program send message to daemon via dbus about action

                • Daemon uses PolicyKit libraries/configuration (in fact PolicyKit daemon) to determine if a user is allowed to perform an action. It may happen that certain conditions must be fulfilled (like entering password or hardware access).

                • Daemon performs action according to it (returns auth error or performs action)

                PolicyKit documentation.



                EDIT currently the ConsoleKit is largely replaced by logind, which is part of systemd, although there is standalone version elogind.






                share|improve this answer














                In short, consolekit is a service which tracks user sessions (i.e. where a user is logged in). It allows switching users without logging out (many user can be logged in on the same hardware at the same time with one user active). It is also used to check if a session is "local" i.e. if a user has direct access to hardware (which may be considered more secure then remote access). ConsoleKit documentation.



                PolicyKit allows fine-tuned capabilities in a desktop environment. Traditionally only a privileged user (root) was allowed to configure network. However while in a server environment it is a reasonable assumption that it would be too limiting to not be allowed to connect to a hotspot on laptop, for example. However you may still not want to give full privileges to this person (like installing programs) or may want to limit options for some people (for example on your children laptops only 'trusted' networks with parental filters can be used). As far as I remember it works like:



                • Program send message to daemon via dbus about action

                • Daemon uses PolicyKit libraries/configuration (in fact PolicyKit daemon) to determine if a user is allowed to perform an action. It may happen that certain conditions must be fulfilled (like entering password or hardware access).

                • Daemon performs action according to it (returns auth error or performs action)

                PolicyKit documentation.



                EDIT currently the ConsoleKit is largely replaced by logind, which is part of systemd, although there is standalone version elogind.







                share|improve this answer














                share|improve this answer



                share|improve this answer








                edited 3 mins ago









                Community♦

                1




                1










                answered Dec 29 '10 at 16:08









                Maciej Piechotka

                11k64276




                11k64276



























                     

                    draft saved


                    draft discarded















































                     


                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f5220%2fwhat-are-consolekit-and-policykit-how-do-they-work%23new-answer', 'question_page');

                    );

                    Post as a guest













































































                    Popular posts from this blog

                    How to check contact read email or not when send email to Individual?

                    Displaying single band from multi-band raster using QGIS

                    How many registers does an x86_64 CPU actually have?