"Sudo" for Fedora GUI Admin Apps

In Ubuntu Linux, all the graphical administrative applications (for example, user and group management) prompt you for your user password and not the root password. But in Fedora and many other Linux distributions, these apps always prompt for the root password.

Ubuntu by default follows some good security practices such as locking out the root password so that you can't log in directly as root (short of using sudo -i), but in Fedora systems if you lock out the root password, you can't use any of the graphical admin apps anymore since they ask for the root password.

So, here's how to set up Fedora to ask for the user password for graphical admin apps:

There are scripts in /etc/security/console.apps/ for most of the graphical admin apps, for example /etc/security/console.apps/system-config-users for the user & groups app. The general syntax for these files is like this:

USER=root
PROGRAM=/usr/share/system-config-users/system-config-users
SESSION=true

The general idea how to change it to ask for the user password is to add a line that says "UGROUPS=wheel" (where "wheel" is the name of a built-in group commonly used to give sysadmin capabilities to regular users). Then, any user who belongs to the "wheel" group will be asked to give their user password; all other users have to give the root password. Make sure your user belongs to the "wheel" group and you're all set.

On my Fedora 12 system though, all these scripts include /etc/security/console.apps/config-util first. So, my system-config-users script just said this:

. config-util
PROGRAM=/usr/share/system-config-users/system-config-users
SESSION=true

And my config-util file just said USER=root. So, I just added "UGROUPS=wheel" to config-util and now all my graphical admin apps ask me for my user password now, since all these files included config-util.