Desktop Linux is an insecure mess. As long as the
- .bashrc
- $PATH
- applications directory
and more are writable, any program can easily catch your sudo password.
Also, maybe any program able to launch a bash script may be dangerous, but I don't think so? It could not fake a sudo prompt.
So an important step to solve this is fixing the desktop experience for non-wheel users, and having a separate admin account in the wheel group.
(Also I hope the new installer won't warn when there is no root account!)
Problems:
- flatpak installs not working.
- KDE Partition Manager, GParted not working
- mounting backup drives not working.
- dnf update, rpm-ostree update needing sudo permissions
Solutions:
- flatpak group? Is adding the user repo only possible without this? Do the GUIs allow that?
- polkit rules
- polkit rules, but access permissions are a mess. What if they are chown’ed by a different user? Can I somehow make all mounted drives readable by a user in a certain group?
- polkit rules. Hopefully upstream fixes this?
What is the admin group used for? I would like to use that in some rules allowing the mounts, and partition edits.
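As an added example (not part of the original post), here is what a polkit rule for the mount and partition cases could look like, with a small stand-in for polkit's JavaScript API so the rule can be exercised offline with Node. The group name `admin` is assumed from the question above (swap in `wheel` if that is the group you end up using); the `org.freedesktop.udisks2.*` action ids are the ones udisks2 ships; the file name `50-admin-storage.rules` and the harness functions `makeSubject`/`decide` are my own.

```javascript
// Added example, not from the original post: a polkit rules file that lets members of
// one admin group mount drives and edit partitions, plus a small stand-in for the
// polkit JavaScript API so the rule can be exercised offline with Node.
// Only the addRule(...) call belongs on a real system, e.g. in
// /etc/polkit-1/rules.d/50-admin-storage.rules (the file name is my choice).

// ---- stand-in for the host's global `polkit` object (assumption: just the subset used here) ----
var polkit = {
    Result: { YES: "yes", NO: "no", AUTH_ADMIN: "auth_admin", NOT_HANDLED: "not_handled" },
    rules: [],
    addRule: function (fn) { this.rules.push(fn); },
    // polkitd asks each rule in order; the first one returning something other than
    // undefined / NOT_HANDLED decides, otherwise the action's .policy default applies.
    evaluate: function (action, subject) {
        for (var i = 0; i < this.rules.length; i++) {
            var r = this.rules[i](action, subject);
            if (r !== undefined && r !== this.Result.NOT_HANDLED) return r;
        }
        return this.Result.NOT_HANDLED;
    }
};

// ---- the rule itself, written in ES5 because polkitd's JS engine is not Node ----
var ADMIN_GROUP = "admin";   // assumption: the group the post asks about; use "wheel" if preferred

// Action ids as shipped by udisks2 (mounting and partition changes).
var STORAGE_ACTIONS = [
    "org.freedesktop.udisks2.filesystem-mount",          // hotpluggable drives
    "org.freedesktop.udisks2.filesystem-mount-system",   // internal drives, e.g. a fixed backup disk
    "org.freedesktop.udisks2.modify-device",             // partitioning on hotpluggable drives
    "org.freedesktop.udisks2.modify-device-system"       // partitioning on internal drives
];

polkit.addRule(function (action, subject) {
    // Only a group member sitting at a local, active session gets the shortcut;
    // remote or background sessions fall through to the normal prompt.
    if (!subject.isInGroup(ADMIN_GROUP) || !subject.local || !subject.active) {
        return polkit.Result.NOT_HANDLED;
    }
    if (STORAGE_ACTIONS.indexOf(action.id) !== -1) {
        return polkit.Result.YES;
    }
    return polkit.Result.NOT_HANDLED;
});

// ---- offline harness (constructed subjects, not real sessions) ----
function makeSubject(groups, opts) {
    var o = opts || {};
    return {
        user: o.user || "testuser",
        local: o.local !== false,
        active: o.active !== false,
        isInGroup: function (g) { return groups.indexOf(g) !== -1; }
    };
}

// Ask the stand-in what polkitd would answer for one action id and one subject.
function decide(actionId, subject) {
    return polkit.evaluate({ id: actionId, lookup: function () { return undefined; } }, subject);
}

if (typeof require !== "undefined" && require.main === module) {
    console.log(decide("org.freedesktop.udisks2.filesystem-mount-system", makeSubject(["admin"])));                   // yes
    console.log(decide("org.freedesktop.udisks2.filesystem-mount-system", makeSubject(["users"])));                   // not_handled
    console.log(decide("org.freedesktop.udisks2.filesystem-mount-system", makeSubject(["admin"], { local: false }))); // not_handled
}
```

The rule only ever returns `YES` or `NOT_HANDLED`, so for everyone outside the group (and for every other action id) the defaults from the `.policy` files still apply: non-members keep getting the usual authentication prompt for system drives and partition changes. Keeping `subject.local` and `subject.active` in the check is what stops the same group membership from being useful from an SSH session or a stale background session.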
Also, I formerly protected some files and directories making them only writable or even readable by root.
- shell configs: read and execute, writable only by root
- .ssh, .gnupg only readable by root! Except some config files
I would be happy for any help!