Remove "sudo" access from your user to improve security. Instead, a dedicated Admin account is created.

This script works on Distributions using the sudo group (like Debian, Ubuntu, Linux Mint) or the wheel group (like Fedora, OpenSUSE, Arch).

When using systemd version 256 or higher, it automatically uses run0 for privilege escalation.

If the creation of an admin user fails, the current user stays untouched.

After setting up such a dedicated admin user and removing this access from your main user, sudo will not work anymore.

Instead, you can use run0 or pkexec for privilege escalation. Example:

run0 cat /etc/shadow

pkexec nano /etc/fstab

For executing multiple commands with a single authentication prompt, spawn an elevated shell:

run0 sh -c '
  command1
  command2
  command3
'

Alternatively, you can switch to the admin user using ru or run0:

run0 -u admin

su admin

In here, you can escalate privileges using sudo, run0 or pkexec.

If some actions are not polkit-aware (they don't show a prompt to authenticate with a different user) but allow passwordless execution from a wheel/sudo user, you can switch to that user and execute them, without escalating to root.

These use polkit since basically forever, so they will work. A password prompt is shown and automatically asks you for the password of a user in the wheel/sudo group.

Examples:

• KDE Plasma
  • Partitionmager
  • Dolphin File Manager
    • kio-admin (entering admin:/ in the location bar)
    • mounting, decrypting external drives
  • Kate Editor
• GNOME
  • Nautilus File Manager
    • privilege escalation (entering admin:/ in the location bar)
    • mounting, decrypting external drives
  • Text editor
• Other apps
  • Fedora media writer
  • Impression