run commands as another user with polkit authorization

 polkit is an application-level toolkit for defining and handling the policy
 that allows unprivileged processes to speak to privileged processes.
 It was previously named PolicyKit.
 .
 pkexec is a setuid program to allow certain users to run commands as
 root or as a different user, similar to sudo. Unlike sudo, it carries
 out authentication and authorization by sending a request to polkit,
 so it uses desktop environments' familiar prompting mechanisms for
 authentication and uses polkit policies for authorization decisions.
 .
 By default, members of the 'sudo' Unix group can use pkexec to run any
 command after authenticating. The authorization rules can be changed by
 the local system administrator.
 .
 If this functionality is not required, removing the pkexec package will
 reduce security risk by removing a setuid program.