If you are like me and randomize your root password and rely on sudo to gain administrative privileges, then you might be annoyed at Fedora’s switch to PolicyKit. While on the whole I think it’s a good framework and the right step forward (this opinion was earned after hours of time debugging this problem unfortunately), by default Fedora’s PolicyKit is configured to prompt for the root password. If you have added your own account to the wheel group and granted sudo privileges to that group, this can be quite an annoyance.

You can onfigure PolicyKit to treat the wheel group as administrator by:


[you@localhost /]$ (cat <<EOF
[Configuration]
AdminIdentities=unix-user:0;unix-group:wheel
EOF
) > /etc/polkit-1/localauthority.conf.d/99-wheel-policy.conf


This policy will override other policies (well, granted you have no policies numbered greater than ‘99’!).

Unfortunately PolicyKit support requires explicit cooperation from applications, and many applications have not yet been updated to integrate with PolicyKit. Notably, the gnome system control applets (system-config-*) all still go through the old ‘consolehelper’ utility. This utility appears to effectively always prompt for the root password. This distinction is not clear at all to the casual user, and it took me hours to realize that no amount of PolicyKit reconfiguration was going to make these apps work.