Password for sudo and pkexec

Hi.
I am a new user of Fedora and linux in general, having installed Fedora 37 on my PC, I found that the same password is used for the sudo and pkexec command as for logging in. But I need different passwords for login and commands like sudo and pkexec. My searches on the internet, have led me to sudoers file and defaults rootpw parameter, but I have a feeling that this is not the right solution, or not at all.
How do I get different passwords for logins and commands like sudo and pkexec without breaking the system or its components?

re sudo
sudo will always ask for the user password. What you can do is cut the user’s ability to use sudo by removing them from the wheel group. Then, when you need elevated permissions, use user root. change to root with `su -

re pkexec
sorry, don’t know. only hint I can give: pkexec uses polkit for authorization. I guess you need to define rules manually. Does polkit - ArchWiki provide any help?

I’ve read about this, but some other distributions such as Linux Mint ask for the user’s password to log in and ask for the root password for the sudo command, so somehow this can be configured.

Also, I’m not sure if removing my user from the wheel group won’t affect something else. Not just on sudo…

I added a defaults rootpw entry to the sudoers file, this solved the sudo problem, and the command started asking for the root password instead of the password of the user it was called from, but I am convinced this is not the right solution as some processes need to run with their password, also adding defaults rootpw did not solve the problem with pkexec, this command still asks for the user password, after entering which access as root user is granted.

Have read the information on ArchWiki, so far nothing is clear.

1 Like

no, being in wheel is just enabling the use of sudo.

that’s the way to do it. or even better. create a “drop-in” file in /etc/sudoers.d/ that contains defaults rootpw.

? sorry, not quite sure what you mean.

create a file /etc/polkit-1/localauthority.conf.d/60-root.conf with content:

[Configuration]
AdminIdentities=unix-user:0

(works for me.)

1 Like

Almost all distros use the user’s password for both sudo and pkexec by default.

The only distro I know of that doesn’t do this is Suse and any derivatives of it.

I guess you mix it up with su, this is the abbreviation of “super user”. If you not add a username, it asks you for the root password.
By default, fedora workstation makes you (who installs the system) as an wheel user. Noting else as an other expression as sudo.

To activate root, you just have to set a password for the root user like:
sudo setpasswd root then you get asked first for your user pw and then to set the new one for root.

In older times, someone who was a “big wheel” in the companies had a bit more rights as the common once :wink:

See also point 4 of the list we made here: