Article 4X0JN How can the polkit daemon launch something like synaptic when it isn't a privileged user?

by hazel from LinuxQuestions.org on (#4X0JN)

I have a kind of idea how the polkit system works. Users ask to perform an internally named action, a libpolkit function inside the program notifies polkitd, polkitd checks in the policy files in /lib/polkit*/rules.d and /etc/polkit*/rules.d and either performs the action for the user, refuses it, or uses a local polkit agent to collect an authorisation token and then decides. I also understand that older programs like synaptic that don't use libpolkit can be launched by pkexec, which has a polkit-controlled "execute" action.

But how does the polkit daemon, which isn't a privileged user, launch something like synaptic with root privileges? It would be easy to understand if polkitd ran as root (as many daemons do of course) but it actually runs as a separate polkit user. The polkit section in the BLFS book says polkitd shouldn't run as root for security reasons. So how is the privilege escalated safely?