Don’t do this on a production machine!
The new systemd `run0` is supposed to be a good security leap. It uses polkit in the background and works without a setuid binary (like `sudo` or `pkexec` are).
It can replace sudo, which means as a start we could begin with removing setuid from the `pkexec` and `sudo` binaries and see what happens.
At a user level we could do
```bash
cat >> ~/.bashrc <<EOF
alias sudo=run0
alias pkexec=run0
EOF
cat >> ~/.zshrc <<EOF
alias sudo=run0
alias pkexec=run0
EOF
cat >> ~/.config/fish/config.fish <<EOF
alias sudo=run0
alias pkexec=run0
EOF
```
And possibly get things to work that expect `sudo` (a lot) or `pkexec` (probably not much).
It would also be possible to remove sudo altogether, but test in a VM or on a secondary SSD.
When I removed `sudo` a while ago, shutdown was broken on KDE. `init 0` could be used instead, but I'm not sure how KDE interacts here.
```bash
run0 mv /etc/dnf/protected.d/sudo.conf /etc/dnf/protected.d/sudo.conf.disabled
# dnf
run0 dnf remove sudo
# rpm-ostree
rpm-ostree override-remove sudo
```
But until then we need to test it. What non-cosmetic issues did you get, if any?
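The first step mentioned in the post, removing the setuid bit from the `sudo` and `pkexec` binaries, shown here as an added example that is not part of the original post. It records each file's original mode so the change can be undone; the function names and the backup-list file are hypothetical, and GNU `stat` (as shipped on Fedora) is assumed.

```shell
#!/bin/sh
# Added example: reversibly drop the setuid bit from a binary.
# Function names and the backup-list format are hypothetical.

# has_setuid FILE -> succeeds if FILE has the setuid bit set
has_setuid() {
    [ -u "$1" ]
}

# drop_setuid FILE BACKUP_LIST
# Appends "octal-mode path" to BACKUP_LIST, then clears the setuid bit.
# Files that are not setuid are skipped and not recorded.
drop_setuid() {
    file=$1
    list=$2
    has_setuid "$file" || { echo "skip (not setuid): $file"; return 0; }
    mode=$(stat -c '%a' "$file") || return 1   # GNU stat: octal mode
    printf '%s %s\n' "$mode" "$file" >> "$list"
    chmod u-s "$file"
}

# restore_modes BACKUP_LIST
# Puts every recorded file back to the mode it had before drop_setuid.
restore_modes() {
    while read -r mode file; do
        chmod "$mode" "$file"
    done < "$1"
}

# Typical use from a root shell (for example one opened with run0):
#   drop_setuid "$(command -v sudo)"   /root/setuid-backup.list
#   drop_setuid "$(command -v pkexec)" /root/setuid-backup.list
#   restore_modes /root/setuid-backup.list    # undo
```

A package update of sudo or polkit reinstalls the file with its packaged mode, so check the setuid state again after updates.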