Locking the root account

Hello, I want to completely lock the root account
account, similar to how it is done in ubuntu.
What I have already done:

  1. added the user to the wheel group
    sudo usermod -aG wheel username
  2. changed /etc/sudoers
    I un commented the line
    %wheel ALL=(ALL) ALL
    I commented out two lines
      # Defaults targetpw # prompt for the password of the target user, i.e. root
      # ALL ALL=(ALL) ALL # WARNING! Only use this with 'defaults targetpw'!
    I added a line at the end of the ‘Defaults specification’ section.
      ## Defaults specification
      Defaults env_keep += "DISPLAY XAUTHORITY"

3 . Changed the authentication rules via PolicyKit, created a rule /etc/polkit-1/rules.d/40-default.rules

polkit.addAdminRule(function(action, subject) {
     return ["unix-group:wheel"];
  1. created the file /etc/xdg/kdesurc with the following contents:

When I change the networking settings via NM I am still prompted for the root password.
Elsewhere, it prompts for the user’s password i.e. when starting yast

What else did I forget to do?

Operating System: openSUSE Tumbleweed 20230318
KDE Plasma Version: 5.27.3
KDE Frameworks Version: 5.104.0
Qt Version: 5.15.8
Kernel Version: 6.2.6-1-default (64-bit)
Graphics Platform: Wayland
Processors: 4 × Intel® Core™ i5-7200U CPU @ 2.50GHz
Memory: 15.5 ГиБ of RAM
Graphics Processor: Mesa Intel® HD Graphics 620
Manufacturer: HP
Product Name: HP ProBook 450 G4

As the openSUSE policy is different from what ubuntu does and different from what you want, I think people here are not the best source of information on how you should emulate ubuntu. Isn’t it better to ask on a ubuntu forums how it is done there?

This security model is also used by Fedora and maybe someone has already done it on openSUSE. Thank you for your response.

NetworkManager is using polkit which expects you to authenticate as admin user. By default, admin user is root, you can add admin identities using polkit rules. Example directly from man polkit

polkit.addAdminRule(function(action, subject) {
    return ["unix-group:wheel"];

Ubuntu is using incompatible version of polkit so any answer there won’t apply to openSUSE. And polkit is not something specific to Ubuntu.

I cannot reproduce it. When I add your 40-default.rules file and modify system connections as user belonging to wheel group I am asked for the password of this user. Your description is rather vague - first you refer to “user”, then you say “I change” and it is unclear whether you mean the same Linux user in both cases or not.