I like to hardened security of my system (Fedora Linux).
I want to make any new user account created will be by default has no any admin power at all. I mean by that has no su/sudo/polkit powers & unable to use any of them.
Regarding sudo we have no problem in Fedora because it is always configured in such a way that any newly created user account will not be by default in wheel group
Regarding su, we can manage it as easy as such:
sudo vi /etc/pam.d/su
then uncomment the following line:
#auth required pam_wheel.so use_uid
auth required pam_wheel.so use_uid
then save & exit & finally reboot
The problem is with polkit, because by default any new user account created on Fedora will be able to use, for example GNOME center, to install new software even if it has neither sudo nor su access … This is great problem …
I need to now how can I make Fedora to prevent by default any newly created user account from being able to use polkit (& subsequently block any backend like PackageKit or frontend like GNOME software that depend on it from use it) at all.