PolicyKit is an operating system component for controlling system-wide privileges in Unix-like operating systems. It provides an roganized way for non-privileged processes to communicate with privileged ones. In contrast to systems such as sudo, it does not grant root permission to an entire process, but rather allows a finer level of control of centralized system policy.
Files shipped with PolicyKit and 3rd party packages (e.g. under package manager control) typically have comments (such as “DO NOT EDIT THIS FILE, it will be overwritten on update”) telling the system administrator that changes will be overwritten on update.
Configuration for the Local Authority is read from files in the /etc/polkit-1/localauthority.conf.d directory.
The Local Authority reads files with .pkla extension from all directories located inside the /etc/polkit-1/localauthority and /var/lib/polkit-1/localauthority directories. By default, the following sub-directories are installed.
New direcrtories and can be added or removed. The configuration files are the .pkla files. A .pkla file must be named by using a scheme to ensure that the name is unique, e.g. reverse DNS notation or similar. For example com.mycompany.packagekit.pkla .
Each group in a .pkla file must have a name that is unique within the file it belongs to.
The following keys are are recognized:
Sample .pkla file
This configuration file allows packagekit to install and remove packages.
The policies files are located in /usr/share/polkit-1/actions/"DBUS application name" .
Anything in /usr isn't considered 'configuration', so any time the PolicyKit is updated modifications will be wiped out and the modifications should be done again. Configuration should be set /etc or /var .
$ man pklocalauthority