Fixing nonwheel user accounts

Desktop Linux is an insecure mess. As long as the

  • .bashrc
  • $PATH
  • applications directory

And more are writable, any program can easily catch your sudo password.

Also maybe any program able to launch bash SCRIPT may be dangerous, but I dont think so? It could not fake a sudo prompt.

So an important step to solve this is fixing the Desktop experience for nonwheel users, and having a seperate admin account in the wheel group.

(Also I hope the new installer wont warn when there is no root account!)


  • flatpak installs not working.
  • kde partitionmanager, gparted not working
  • mounting backup drives not working.
  • dnf update, rpm-ostree update needing sudo permissions


  • flatpak group? Is adding the user repo only possible without this, do the GUIs allow that?
  • polkit rules
  • polkit rules, but access permissions are a mess. What if they are chown’ed by a different user? Can I somehow make all mounted drives readable by a user in a certain group?
  • polkit rules. Hopefully upstream fixes this?

What is the admin group used for? I would like to use that in some rules allowing the mounts, and partition edits.

Also, I formerly protected some files and directories making them only writable or even readable by root.

  • shell configs: read and execute, writable only by root
  • .ssh, .gnupg only readable by root! Except some config files

I am happy for help!

That is only true if you have malware already installed on your system.
In which case you have already lost right?

1 Like

That would be equal to storing your passwords in plain text in ~/ …

Can you provide some more details about what you’re trying to accomplish with regard to flatpaks?