What are ConsoleKit and PolicyKit? How do they work?

I have seen that recent GNU/Linux are using ConsoleKit and PolicyKit. What are they for? How do they work?

The best answer should explain what kind of problem each one tries to solve, and how they manage to solve it.

I am a long-time GNU/Linux user, from a time when such things did not exist. I have been using Slackware and recently Gentoo. I am an advanced user/admin/developer, so the answer can (and should!) be as detailed and as accurate as possible. I want to understand how these things work, so I can use them (as a user or as a developer) the best possible way.


Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.

Method 1

ConsoleKit (documentation) was a service which tracks user sessions (i.e. where a user is logged in). It allows switching users without logging out (many users can be logged in on the same hardware at the same time with one user active). It is also used to check if a session is “local” i.e. if a user has direct access to hardware (which may be considered more secure than remote access).

Currently the ConsoleKit is largely replaced by logind, which is part of systemd, although there is standalone version elogind.

polkit (née PolicyKit) documentation allows fine-tuned capabilities in a desktop environment. Traditionally only a privileged user (root) was allowed to configure network. However, while in a server environment it is a reasonable assumption that it would be too limiting to not be allowed to connect to a hotspot on laptop, for example. However, you may still not want to give full privileges to this person (like installing programs) or may want to limit options for some people (for example on your children laptops only ‘trusted’ networks with parental filters can be used). As far as I remember it works like:

  • Program send message to daemon via dbus about action
  • Daemon uses polkit libraries/configuration (in fact polkit daemon) to determine if a user is allowed to perform an action. It may happen that certain conditions must be fulfilled (like entering password or hardware access).
  • Daemon performs action according to it (returns auth error or performs action)

All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

0 0 votes
Article Rating
Notify of
Inline Feedbacks
View all comments