I put a bounty on this question hoping that I'd get a more nuanced answer other than no, don't uninstall it. What I really want to know is what is it used for. I have a few hundred ubuntu servers, some I (a fairly inexperienced sysadmin) made and these have polkit installed on them. Others were built by a legit sysadmin from a packer template and these do not have polkit on them.
I tried removing polkit on some of the machines I made, it didn't list any core dependencies.
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
colord-data libcolorhug2 libexif12 libgd3 libgphoto2-6 libgphoto2-l10n libgphoto2-port12 libgusb2 libieee1284-3 libltdl7 libsane libsane-common libvpx3
Use 'sudo apt autoremove' to remove them.
The following packages will be REMOVED:
colord policykit-1
0 upgraded, 0 newly installed, 2 to remove and 0 not upgraded.
After this operation, 1,284 kB disk space will be freed.
good riddance colord
I think the dependency comes by way of a config file that says what the OS should do when requesting elevated privileges OR if the hash bang is pkexec and these scripts do not appear to exist on my system,
these files do exist:
Binary file ./share/command-not-found/programs.d/all-universe.db matches
Binary file ./share/command-not-found/programs.d/amd64-main.db matches
Binary file ./share/command-not-found/programs.d/amd64-universe.db matches
./share/doc/base-passwd/users-and-groups.html:>pkexec</B
./share/polkit-1/actions/com.ubuntu.update-notifier.policy: <action id="com.ubuntu.update-notifier.pkexec.cddistupgrader">
./share/polkit-1/actions/com.ubuntu.update-notifier.policy: <action id="com.ubuntu.update-notifier.pkexec.package-system-locked">
./share/update-notifier/package-data-downloads-failed:Command: pkexec /usr/lib/update-notifier/package-data-downloader
Binary file ./bin/pkexec matches
./lib/update-notifier/backend_helper.py: cmd = ["/usr/bin/synaptic-pkexec",
./lib/update-notifier/backend_helper.py: cmd = ["/usr/bin/synaptic-pkexec",
./lib/update-notifier/backend_helper.py: if os.path.exists("/usr/bin/synaptic-pkexec"):
./lib/update-notifier/backend_helper.py: cmd = ["/usr/bin/synaptic-pkexec"]
./lib/update-notifier/backend_helper.py: cmd = ["/usr/bin/synaptic-pkexec", "--add-cdrom", mount_path]
./lib/update-notifier/backend_helper.py: if os.path.exists("/usr/bin/synaptic-pkexec"):
./lib/python3/dist-packages/DistUpgrade/DistUpgradeFetcherCore.py: # not know otherwise, pkexec will not raise a exception
Binary file ./lib/python3/dist-packages/UpdateManager/backend/__pycache__/InstallBackendSynaptic.cpython-35.pyc matches
./lib/python3/dist-packages/UpdateManager/backend/InstallBackendSynaptic.py: cmd = ["/usr/bin/pkexec", "/usr/sbin/synaptic", "--hide-main-window",
./lib/python3/dist-packages/apport/ui.py: # If we are called through pkexec/sudo, determine the real user id and
./lib/python3/dist-packages/apport/ui.py: # alternatively, unsafe to funnel it through pkexec/env/sudo, so
Binary file ./lib/python3/dist-packages/apport/__pycache__/hookutils.cpython-35.pyc matches
./lib/python3/dist-packages/apport/hookutils.py: return ['pkexec']
./lib/python3/dist-packages/apport/hookutils.py: This passes the command through pkexec, unless the caller is already root.
./lib/python3/dist-packages/apport/hookutils.py: Just like root_command_output, this passes the command through pkexec,
it looks like it could affect patching, but I don't use synaptic
if there is a c program with it compiled in, I'm unaware, but I would hope it would be a dependency.
The only thing I know it does effect is running something like service sshd restart
instead of
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to restart 'ssh.service'.
Authenticating as: root
it just tells me (as an unauthorized user) to take a hike.
