Setting up a separate admin user with run0

For security reasons, I want to use a separate user for admin purposes.

This user is in the wheel group and confined with SELinux.

Setup of the users

For creation, I roughly followed this guide

run0 sh -c '
    adduser -Z sysadm_u sysadm
    passwd sysadm
    usermod -aG wheel sysadm
'

Once logging in as the new user works…

run0 -u sysadm

the current user can be removed from the wheel group

echo $USER
# gpasswd -d takes the user first, then the group
run0 gpasswd -d "$USER" wheel
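
A check of the end state the steps above aim for, as an added example that is not part of the original post: sysadm is in wheel and mapped to sysadm_u, and the daily user is no longer in wheel. The function names, the sample data and the daily user "alice" are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: verify the end state of the admin/daily-user split.

# in_wheel USER WHEEL_LINE  (WHEEL_LINE is the output of `getent group wheel`)
in_wheel() {
    members=${2##*:}                      # 4th field: comma-separated members
    case ",$members," in *",$1,"*) return 0 ;; esac
    return 1
}

# selinux_user_of LOGIN LOGIN_MAP  (LOGIN_MAP is the output of `semanage login -l`)
selinux_user_of() {
    printf '%s\n' "$2" | awk -v u="$1" '$1 == u { print $2; exit }'
}

# check_split ADMIN DAILY WHEEL_LINE LOGIN_MAP -> 0 if the split is in place
check_split() {
    admin=$1 daily=$2 wheel=$3 map=$4 rc=0
    in_wheel "$admin" "$wheel" ||
        { echo "FAIL: $admin is not in wheel"; rc=1; }
    [ "$(selinux_user_of "$admin" "$map")" = "sysadm_u" ] ||
        { echo "FAIL: $admin is not mapped to sysadm_u"; rc=1; }
    if in_wheel "$daily" "$wheel"; then
        echo "FAIL: $daily is still in wheel"; rc=1
    fi
    return "$rc"
}

# Constructed sample data ("alice" is a hypothetical daily user).
SAMPLE_WHEEL='wheel:x:10:sysadm'
SAMPLE_MAP='Login Name           SELinux User         MLS/MCS Range        Service

__default__          unconfined_u         s0-s0:c0.c1023       *
root                 unconfined_u         s0-s0:c0.c1023       *
sysadm               sysadm_u             s0-s0:c0.c1023       *'

check_split sysadm alice "$SAMPLE_WHEEL" "$SAMPLE_MAP" && echo "OK: split in place"

# On a live system (semanage needs root):
#   check_split sysadm "$USER" "$(getent group wheel)" "$(run0 semanage login -l)"
```
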

What works

  • KDE kio-admin (entering admin:/ in Dolphin to access files as admin)
  • KDE Partition Manager
  • rpm-ostree
  • more stuff using polkit

What doesn’t work

Flatpak when using the -y flag. This is a small usability issue.

When leaving out the -y flag, it works normally: I can authenticate with the confined sysadm user and make system-wide changes.