{
    "mode": "man",
    "parameter": "pkcheck",
    "section": "1",
    "url": "https://www.chedong.com/phpMan.php/man/pkcheck/1/json",
    "generated": "2026-06-03T00:29:43Z",
    "synopsis": "pkcheck [--version] [--help]\npkcheck [--list-temp]\npkcheck [--revoke-temp]\npkcheck --action-id action {--process { pid | pid,pid-start-time | pid,pid-start-time,uid } |\n--system-bus-name busname} [--allow-user-interaction] [--enable-internal-agent]\n[--detail key value...]",
    "sections": {
        "NAME": {
            "content": "pkcheck - Check whether a process is authorized\n",
            "subsections": []
        },
        "SYNOPSIS": {
            "content": "pkcheck [--version] [--help]\n\npkcheck [--list-temp]\n\npkcheck [--revoke-temp]\n\npkcheck --action-id action {--process { pid | pid,pid-start-time | pid,pid-start-time,uid } |\n--system-bus-name busname} [--allow-user-interaction] [--enable-internal-agent]\n[--detail key value...]\n",
            "subsections": []
        },
        "DESCRIPTION": {
            "content": "pkcheck is used to check whether a process, specified by either --process (see below) or\n--system-bus-name, is authorized for action. The --detail option can be used zero or more\ntimes to pass details about action. If --allow-user-interaction is passed, pkcheck blocks\nwhile waiting for authentication.\n\nThe invocation pkcheck --list-temp will list all temporary authorizations for the current\nsession and pkcheck --revoke-temp will revoke all temporary authorizations for the current\nsession.\n\nThis command is a simple wrapper around the PolicyKit D-Bus interface; see the D-Bus\ninterface documentation for details.\n",
            "subsections": []
        },
        "RETURN VALUE": {
            "content": "If the specified process is authorized, pkcheck exits with a return value of 0. If the\nauthorization result contains any details, these are printed on standard output as key/value\npairs using environment style reporting, e.g. first the key followed by a an equal sign, then\nthe value followed by a newline.\n\nKEY1=VALUE1\nKEY2=VALUE2\nKEY3=VALUE3\n...\n\nOctects that are not in [a-zA-Z0-9] are escaped using octal codes prefixed with \\. For\nexample, the UTF-8 string føl,你好 will be printed as f\\303\\270l\\54\\344\\275\\240\\345\\245\\275.\n\nIf the specificied process is not authorized, pkcheck exits with a return value of 1 and a\ndiagnostic message is printed on standard error. Details are printed on standard output.\n\nIf the specificied process is not authorized because no suitable authentication agent is\navailable or if the --allow-user-interaction wasn't passed, pkcheck exits with a return value\nof 2 and a diagnostic message is printed on standard error. Details are printed on standard\noutput.\n\nIf the specificied process is not authorized because the authentication dialog / request was\ndismissed by the user, pkcheck exits with a return value of 3 and a diagnostic message is\nprinted on standard error. Details are printed on standard output.\n\nIf an error occured while checking for authorization, pkcheck exits with a return value of\n127 with a diagnostic message printed on standard error.\n\nIf one or more of the options passed are malformed, pkcheck exits with a return value of 126.\nIf stdin is a tty, then this manual page is also shown.\n",
            "subsections": []
        },
        "NOTES": {
            "content": "Do not use either the bare pid or pid,start-time syntax forms for --process. There are race\nconditions in both. New code should always use pid,pid-start-time,uid. The value of\nstart-time can be determined by consulting e.g. the proc(5) file system depending on the\noperating system. If fewer than 3 arguments are passed, pkcheck will attempt to look up them\nup internally, but note that this may be racy.\n\nIf your program is a daemon with e.g. a custom Unix domain socket, you should determine the\nuid parameter via operating system mechanisms such as PEERCRED.\n",
            "subsections": []
        },
        "AUTHENTICATION AGENT": {
            "content": "pkcheck, like any other PolicyKit application, will use the authentication agent registered\nfor the process in question. However, if no authentication agent is available, then pkcheck\ncan register its own textual authentication agent if the option --enable-internal-agent is\npassed.\n",
            "subsections": []
        },
        "AUTHOR": {
            "content": "Written by David Zeuthen <davidz@redhat.com> with a lot of help from many others.\n",
            "subsections": []
        },
        "BUGS": {
            "content": "Please send bug reports to either the distribution or the polkit-devel mailing list, see the\nlink http://lists.freedesktop.org/mailman/listinfo/polkit-devel on how to subscribe.\n",
            "subsections": []
        },
        "SEE ALSO": {
            "content": "polkit(8), pkaction(1), pkexec(1), pkttyagent(1)\n\n\n\npolkit                                        May 2009                                    PKCHECK(1)",
            "subsections": []
        }
    },
    "summary": "pkcheck - Check whether a process is authorized",
    "flags": [],
    "examples": [],
    "see_also": [
        {
            "name": "polkit",
            "section": "8",
            "url": "https://www.chedong.com/phpMan.php/man/polkit/8/json"
        },
        {
            "name": "pkaction",
            "section": "1",
            "url": "https://www.chedong.com/phpMan.php/man/pkaction/1/json"
        },
        {
            "name": "pkexec",
            "section": "1",
            "url": "https://www.chedong.com/phpMan.php/man/pkexec/1/json"
        },
        {
            "name": "pkttyagent",
            "section": "1",
            "url": "https://www.chedong.com/phpMan.php/man/pkttyagent/1/json"
        }
    ]
}