Shouldn't sudoers be required to enter a password or use sudo to install layered packages with "rpm-ostree install"?

I am loving my fedora silverblue but it bothers me that sudoers are not asked for a password when they install layered packages with rpm-ostree install . In mainstream fedora-workstation systems a sudoer unlike root always have to use sudo to install packages with dnf.

It is pretty easy to undo but if you left your system logged in and unattended, someone could get up to some mischief. But new installed packages would not take affect until they reboot and then they could not login.

How can I undo it correctly (i.e I’m thinking about changing the permission of rpm-ostree binary or modifying the sudoers file). I want to add a line in my post.sh file in my ostree.

The permissions are set in /usr/share/polkit-1/rules.d/org.projectatomic.rpmostree1.rules. You can override them in /etc/polkit-1/rules.d/org.projectatomic.rpmostree1.rules

Thanks I found the permission files and I was able to override them.