Comment 6 for bug 358086

Kerin (cernunnos) wrote:

Assuming that there is no root account is fine; however, it seems patently obvious that the best (and most foolproof, failsafe, and otherwise appropriate) method for checking the user's root privileges is to -not- have the application setuid as root by default and launch policykit through gksu(do) like many/most of the other administrative applications. Let me point out that this restriction would in no way hamper any functionality that already exists in gnome-policykit, while simultaneously increasing security significantly.

Yes, my concern is also that the users and groups tool allows non-root users to edit - and consequently assume - root access without needing to go through my system's inherent security measures.

I understand that a "stock" system - out of box - will not be affected since the default user both has sudo privileges and policykit rights. However, it is folly to let the user's security depend on such arbitrary factors - the scenario in which one sets up a machine for another person, creates an administrator account, and then disables sudo for the initial account comes to mind. The solution I propose would account for this perfectly.
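The comment above turns on one property of the users-and-groups tool: whether the binary carries the setuid-root bit at all, as opposed to being started unprivileged and escalating through gksu(do)/PolicyKit. The following shell script is an added example, not code from the bug report, from gnome-system-tools or from PolicyKit; it audits a directory tree for setuid executables so an administrator can see which programs on a system are in the situation the commenter describes. The sandbox it builds under mktemp is constructed input for demonstration only; run list_setuid against /usr/bin, /usr/sbin or similar to audit a real system.

```shell
#!/bin/sh
# Added example (not from the bug thread): audit a directory tree for
# setuid executables, the property the comment argues the users-and-groups
# tool should not have by default.

# Print every setuid regular file under the given directories in ls -l
# form, so the owner (root or otherwise) is visible next to the mode.
# Usage: list_setuid DIR...
list_setuid() {
    find "$@" -type f -perm -4000 -exec ls -l {} \; 2>/dev/null
}

# Return 0 (true) if PATH has the setuid bit set, 1 otherwise.
# Usage: is_setuid PATH
is_setuid() {
    [ -u "$1" ]
}

# Print the number of setuid regular files under the given directories.
# Usage: count_setuid DIR...
count_setuid() {
    find "$@" -type f -perm -4000 2>/dev/null | wc -l | tr -d ' '
}

# Demonstration on a constructed sandbox (assumption: mktemp -d and
# chmod on files we own are available, which needs no root).
sandbox=$(mktemp -d)
: > "$sandbox/launcher-via-gksu"    # stand-in for a tool started unprivileged
: > "$sandbox/setuid-admin-tool"    # stand-in for a setuid-root helper
chmod 0755 "$sandbox/launcher-via-gksu"
chmod 4755 "$sandbox/setuid-admin-tool"

echo "setuid files under $sandbox:"
list_setuid "$sandbox"
echo "count: $(count_setuid "$sandbox")"

rm -rf "$sandbox"
```

On a real system the owner column matters: a setuid file owned by root is the case the comment is concerned with, whereas a program that is started unprivileged and escalates through gksu(do) or PolicyKit will not appear in this listing at all.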