ConsoleKit is a framework for defining and tracking users, login sessions, and seats. ConsoleKit's primary function is to support multi-user setups. It also works for a single user, but offers no benefits compared to existing methods.
ConsoleKit is a D-Bus daemon and creates for each PAM session its own session. All applications in that session can make use of the permissions granted to this session. ConsoleKit determines if the session is local (created by a local user in contrast to users logged in over the network), and if the session is active (meaning it's the most recent session). Based on these distinctions, ConsoleKit assigns device file permissions (e.g. for audio, video and more) to the session. Other software like polkit also make use of these distinctions.
Fast user switching is a feature powered by ConsoleKit. When switching, device file permissions get changed to the new active user and applications in the old session get notified, so they can revoke grants based on ConsoleKit information.
ConsoleKit supports shutdown/reboot handling, so that only the local, active user can shutdown or reboot the system.
The planned multi-seat feature is not fully implemented. At the moment all local sessions are in
Seat1, all other sessions are in
This article assumes that D-Bus has been previously configured.
General setup ---> [*] Auditing support [*] Enable system-call auditing support
ConsoleKit support can be enabled system-wide by setting the
USE variable to
consolekit. The desktop profiles implicitly enable ConsoleKit.
The USE flags of sys-auth/consolekit are:
|USE flag (what is that?)||Default||Recommended||Description|
||No||Yes||Add support for Access Control Lists|
||No||Enable extra debug codepaths, like asserts and extra output. If you want to get meaningful backtraces see http://www.gentoo.org/proj/en/qa/backtraces.xml|
||No||Add extra documentation (API, Javadoc, etc). It is recommended to enable per package instead of globally|
||No||Yes||Add support for PAM (Pluggable Authentication Modules) - DANGEROUS to arbitrarily flip|
||No||Yes||Use the PolicyKit framework (sys-auth/polkit) to get authorization for suspend/shutdown.|
||No||!!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur|
||No||No||Install systemd unit files to replace the modern functionality of logind in sys-apps/systemd. Not recommended.|
||No||Workaround to pull in packages needed to run with FEATURES=test. Portage-2.1.2 handles this internally, so don't set it in make.conf/package.use anymore|
The system needs to be updated if the
USE variable was set to
emerge --ask --changed-use --deep @world
To have a ConsoleKit session created when using startx to start the X server (instead of a display manager), add the following to ~/.xinitrc.
exec ck-launch-session dbus-launch --sh-syntax --exit-with-session YOUR_COMMAND
YOUR_COMMAND needs to be replaced by a window manager or a single application.
To start ConsoleKit:
To start ConsoleKit at boot:
rc-update add consolekit default
- ck-list-sessions: Displays the details of all current sessions. For a local user,
- Gentoo bugtracker: known bugs
- ck-history: Use the
--logparameter to display the logged messages.
- The ConsoleKit init.d script /etc/init.d/consolekit uses the
-qparameter to suppress debug messages. Remove this parameter and restart the service to get more messages. Use also the parameter
--debugto get even more messages.
- Since ConsoleKit communicates over D-Bus, D-Bus Troubleshooting may be of help.