What are ConsoleKit and PolicyKit? How do they work?
Clash Royale CLAN TAG#URR8PPP
up vote
37
down vote
favorite
I've seen that recent GNU/Linux are using ConsoleKit and PolicyKit. What are they for? How do they work?
The best answer should explain what kind of problem each one tries to solve, and how they manage to solve it.
I'm a long-time GNU/Linux user, from a time when such things didn't exist. I've been using Slackware and recently Gentoo. I'm an advanced user/admin/developer, so the answer can (and should!) be as detailed and as accurate as possible. I want to understand how these things work, so I can use them (as an user or as a developer) the best possible way.
linux polkit consolekit
edited May 25 '12 at 8:51
maxschlepzig
32.5k31135206
asked Dec 29 '10 at 15:20
Denilson Sá Maia
9191814
add a comment |Â
up vote
37
down vote
favorite
I've seen that recent GNU/Linux are using ConsoleKit and PolicyKit. What are they for? How do they work?
The best answer should explain what kind of problem each one tries to solve, and how they manage to solve it.
I'm a long-time GNU/Linux user, from a time when such things didn't exist. I've been using Slackware and recently Gentoo. I'm an advanced user/admin/developer, so the answer can (and should!) be as detailed and as accurate as possible. I want to understand how these things work, so I can use them (as an user or as a developer) the best possible way.
linux polkit consolekit
edited May 25 '12 at 8:51
maxschlepzig
32.5k31135206
asked Dec 29 '10 at 15:20
Denilson Sá Maia
9191814
add a comment |Â
up vote
37
down vote
favorite
up vote
37
down vote
favorite
I've seen that recent GNU/Linux are using ConsoleKit and PolicyKit. What are they for? How do they work?
The best answer should explain what kind of problem each one tries to solve, and how they manage to solve it.
I'm a long-time GNU/Linux user, from a time when such things didn't exist. I've been using Slackware and recently Gentoo. I'm an advanced user/admin/developer, so the answer can (and should!) be as detailed and as accurate as possible. I want to understand how these things work, so I can use them (as an user or as a developer) the best possible way.
linux polkit consolekit
edited May 25 '12 at 8:51
maxschlepzig
32.5k31135206
asked Dec 29 '10 at 15:20
Denilson Sá Maia
9191814
I've seen that recent GNU/Linux are using ConsoleKit and PolicyKit. What are they for? How do they work?
The best answer should explain what kind of problem each one tries to solve, and how they manage to solve it.
I'm a long-time GNU/Linux user, from a time when such things didn't exist. I've been using Slackware and recently Gentoo. I'm an advanced user/admin/developer, so the answer can (and should!) be as detailed and as accurate as possible. I want to understand how these things work, so I can use them (as an user or as a developer) the best possible way.
linux polkit consolekit
linux polkit consolekit
edited May 25 '12 at 8:51
maxschlepzig
32.5k31135206
asked Dec 29 '10 at 15:20
Denilson Sá Maia
9191814
edited May 25 '12 at 8:51
maxschlepzig
32.5k31135206
asked Dec 29 '10 at 15:20
Denilson Sá Maia
9191814
edited May 25 '12 at 8:51
maxschlepzig
32.5k31135206
edited May 25 '12 at 8:51
maxschlepzig
32.5k31135206
edited May 25 '12 at 8:51
maxschlepzig
32.5k31135206
32.5k31135206
asked Dec 29 '10 at 15:20
Denilson Sá Maia
9191814
asked Dec 29 '10 at 15:20
Denilson Sá Maia
9191814
asked Dec 29 '10 at 15:20
Denilson Sá Maia
9191814
9191814
add a comment |Â
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
21
down vote
accepted
In short, consolekit is a service which tracks user sessions (i.e. where a user is logged in). It allows switching users without logging out (many user can be logged in on the same hardware at the same time with one user active). It is also used to check if a session is "local" i.e. if a user has direct access to hardware (which may be considered more secure then remote access). ConsoleKit documentation.
PolicyKit allows fine-tuned capabilities in a desktop environment. Traditionally only a privileged user (root) was allowed to configure network. However while in a server environment it is a reasonable assumption that it would be too limiting to not be allowed to connect to a hotspot on laptop, for example. However you may still not want to give full privileges to this person (like installing programs) or may want to limit options for some people (for example on your children laptops only 'trusted' networks with parental filters can be used). As far as I remember it works like:
- Program send message to daemon via dbus about action
- Daemon uses PolicyKit libraries/configuration (in fact PolicyKit daemon) to determine if a user is allowed to perform an action. It may happen that certain conditions must be fulfilled (like entering password or hardware access).
- Daemon performs action according to it (returns auth error or performs action)
PolicyKit documentation.
EDIT currently the ConsoleKit is largely replaced by logind, which is part of systemd, although there is standalone version elogind.
edited 3 mins ago
Community♦
1
answered Dec 29 '10 at 16:08
Maciej Piechotka
11k64276
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
21
down vote
accepted
In short, consolekit is a service which tracks user sessions (i.e. where a user is logged in). It allows switching users without logging out (many user can be logged in on the same hardware at the same time with one user active). It is also used to check if a session is "local" i.e. if a user has direct access to hardware (which may be considered more secure then remote access). ConsoleKit documentation.
PolicyKit allows fine-tuned capabilities in a desktop environment. Traditionally only a privileged user (root) was allowed to configure network. However while in a server environment it is a reasonable assumption that it would be too limiting to not be allowed to connect to a hotspot on laptop, for example. However you may still not want to give full privileges to this person (like installing programs) or may want to limit options for some people (for example on your children laptops only 'trusted' networks with parental filters can be used). As far as I remember it works like:
- Program send message to daemon via dbus about action
- Daemon uses PolicyKit libraries/configuration (in fact PolicyKit daemon) to determine if a user is allowed to perform an action. It may happen that certain conditions must be fulfilled (like entering password or hardware access).
- Daemon performs action according to it (returns auth error or performs action)
PolicyKit documentation.
EDIT currently the ConsoleKit is largely replaced by logind, which is part of systemd, although there is standalone version elogind.
edited 3 mins ago
Community♦
1
answered Dec 29 '10 at 16:08
Maciej Piechotka
11k64276
add a comment |Â
up vote
21
down vote
accepted
In short, consolekit is a service which tracks user sessions (i.e. where a user is logged in). It allows switching users without logging out (many user can be logged in on the same hardware at the same time with one user active). It is also used to check if a session is "local" i.e. if a user has direct access to hardware (which may be considered more secure then remote access). ConsoleKit documentation.
PolicyKit allows fine-tuned capabilities in a desktop environment. Traditionally only a privileged user (root) was allowed to configure network. However while in a server environment it is a reasonable assumption that it would be too limiting to not be allowed to connect to a hotspot on laptop, for example. However you may still not want to give full privileges to this person (like installing programs) or may want to limit options for some people (for example on your children laptops only 'trusted' networks with parental filters can be used). As far as I remember it works like:
- Program send message to daemon via dbus about action
- Daemon uses PolicyKit libraries/configuration (in fact PolicyKit daemon) to determine if a user is allowed to perform an action. It may happen that certain conditions must be fulfilled (like entering password or hardware access).
- Daemon performs action according to it (returns auth error or performs action)
PolicyKit documentation.
EDIT currently the ConsoleKit is largely replaced by logind, which is part of systemd, although there is standalone version elogind.
edited 3 mins ago
Community♦
1
answered Dec 29 '10 at 16:08
Maciej Piechotka
11k64276
add a comment |Â
up vote
21
down vote
accepted
up vote
21
down vote
accepted
In short, consolekit is a service which tracks user sessions (i.e. where a user is logged in). It allows switching users without logging out (many user can be logged in on the same hardware at the same time with one user active). It is also used to check if a session is "local" i.e. if a user has direct access to hardware (which may be considered more secure then remote access). ConsoleKit documentation.
PolicyKit allows fine-tuned capabilities in a desktop environment. Traditionally only a privileged user (root) was allowed to configure network. However while in a server environment it is a reasonable assumption that it would be too limiting to not be allowed to connect to a hotspot on laptop, for example. However you may still not want to give full privileges to this person (like installing programs) or may want to limit options for some people (for example on your children laptops only 'trusted' networks with parental filters can be used). As far as I remember it works like:
- Program send message to daemon via dbus about action
- Daemon uses PolicyKit libraries/configuration (in fact PolicyKit daemon) to determine if a user is allowed to perform an action. It may happen that certain conditions must be fulfilled (like entering password or hardware access).
- Daemon performs action according to it (returns auth error or performs action)
PolicyKit documentation.
EDIT currently the ConsoleKit is largely replaced by logind, which is part of systemd, although there is standalone version elogind.
edited 3 mins ago
Community♦
1
answered Dec 29 '10 at 16:08
Maciej Piechotka
11k64276
In short, consolekit is a service which tracks user sessions (i.e. where a user is logged in). It allows switching users without logging out (many user can be logged in on the same hardware at the same time with one user active). It is also used to check if a session is "local" i.e. if a user has direct access to hardware (which may be considered more secure then remote access). ConsoleKit documentation.
PolicyKit allows fine-tuned capabilities in a desktop environment. Traditionally only a privileged user (root) was allowed to configure network. However while in a server environment it is a reasonable assumption that it would be too limiting to not be allowed to connect to a hotspot on laptop, for example. However you may still not want to give full privileges to this person (like installing programs) or may want to limit options for some people (for example on your children laptops only 'trusted' networks with parental filters can be used). As far as I remember it works like:
- Program send message to daemon via dbus about action
- Daemon uses PolicyKit libraries/configuration (in fact PolicyKit daemon) to determine if a user is allowed to perform an action. It may happen that certain conditions must be fulfilled (like entering password or hardware access).
- Daemon performs action according to it (returns auth error or performs action)
PolicyKit documentation.
EDIT currently the ConsoleKit is largely replaced by logind, which is part of systemd, although there is standalone version elogind.
edited 3 mins ago
Community♦
1
answered Dec 29 '10 at 16:08
Maciej Piechotka
11k64276
edited 3 mins ago
Community♦
1
edited 3 mins ago
Community♦
1
edited 3 mins ago
Community♦
1
1
answered Dec 29 '10 at 16:08
Maciej Piechotka
11k64276
answered Dec 29 '10 at 16:08
Maciej Piechotka
11k64276
answered Dec 29 '10 at 16:08
Maciej Piechotka
11k64276
11k64276
add a comment |Â
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f5220%2fwhat-are-consolekit-and-policykit-how-do-they-work%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
