Introduction to Polkit

Polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to communicate with privileged processes.

This package is known to build and work properly using an LFS-7.10 platform.

Package Information

Polkit Dependencies


GLib-2.48.2, and JS-17.0.0

Optional (Required if building GNOME)



docbook-xml-4.5, docbook-xsl-1.79.1, GTK-Doc-1.25, libxslt-1.1.29, and Linux-PAM-1.3.0



If libxslt-1.1.29 is installed, then docbook-xml-4.5 and docbook-xsl-1.79.1 are required. If you have installed libxslt-1.1.29, but you do not want to install any of the DocBook packages mentioned, you will need to use --disable-man-pages in the instructions below.

User Notes: http://wiki.linuxfromscratch.org/blfs/wiki/polkit

Installation of Polkit

There should be a dedicated user and group to take control of the polkitd daemon after it is started. Issue the following commands as the root user:

groupadd -fg 27 polkitd &&
useradd -c "PolicyKit Daemon Owner" -d /etc/polkit-1 -u 27 \
        -g polkitd -s /bin/false polkitd

Install Polkit by running the following commands:

sed -i "/seems to be moved/s/^/#/" ltmain.sh &&
./configure --prefix=/usr                    \
            --sysconfdir=/etc                \
            --localstatedir=/var             \
            --disable-static                 \
            --enable-libsystemd-login=no     \
            --with-authfw=shadow             &&

To test the results, issue: make check. Note that system D-Bus daemon must be running for the testsuite to complete. There is also a warning about ConsoleKit database not present, but that one can be safely ignored.

Now, as the root user:

make install

Command Explanations

sed -i ... ltmain.sh: This sed silences many useless and annoying warnings from libtool.

--enable-libsystemd-login=no: This parameter fixes building without systemd, which is not part of LFS/BLFS. If you use systemd, replace "no" by "yes".

--with-authfw=shadow: This parameter configures the package to use the Shadow rather than the Linux-PAM Authentication framework. Remove it if you would like to use Linux-PAM.

--disable-static: This switch prevents installation of static versions of the libraries.

--enable-gtk-doc: Use this parameter if GTK-Doc is installed and you wish to rebuild and install the API documentation.

Configuring Polkit

PAM Configuration



If you did not build Polkit with Linux PAM support, you can skip this section.

If you have built Polkit with Linux PAM support, you need to modify the default PAM configuration file which was installed by default to get Polkit to work correctly with BLFS. Issue the following commands as the root user to create the configuration file for Linux PAM:

cat > /etc/pam.d/polkit-1 << "EOF"
# Begin /etc/pam.d/polkit-1

auth     include        system-auth
account  include        system-account
password include        system-password
session  include        system-session

# End /etc/pam.d/polkit-1


Installed Programs: pkaction, pkcheck, pk-example-frobnicate, pkexec, pkttyagent and polkitd
Installed Libraries: libpolkit-agent-1.so and libpolkit-gobject-1.so
Installed Directories: /etc/polkit-1, /usr/include/polkit-1, /usr/lib/polkit-1, /usr/share/gtk-doc/html/polkit-1 and /usr/share/polkit-1

Short Descriptions


is used to obtain information about registered PolicyKit actions.


is used to check whether a process is authorized for action.


is an example program to test the pkexec command.


allows an authorized user to execute a command as another user.


is used to start a textual authentication agent for the subject.


provides the org.freedesktop.PolicyKit1 D-Bus service on the system message bus.


contains the Polkit authentication agent API functions.


contains the Polkit authorization API functions.

Last updated on 2016-08-27 13:19:14 -0700