Why does openSUSE repeatedly ask for passwords?

Hello!
Why does openSUSE often need root access to get things done?
for example:
Connect to vpn
Shutdown the system with systemctl
Or see the status of services!
Why can’t I use a series of commands without sudo in this distribution? This is not the case in other distributions.
Is there a way to fix this?

sudo is not su in openSUSE…

different commands…

I think I should say simpler:
Why does the following command in opensuse need sudo? :
systemctl poweroff
I had other distributions, but many of the commands there did not require sudo.

Hi
As the administrator of the openSUSE system, you need to configure to your requirements, whether that’s via sudo or other methods.

You did not explain how you access your system, you did not explain what desktop environment you are using (assuming you are using desktop environment), so what response do you expect?

I do not need sudo to run this command in openSUSE.

Honestly, this sounds more like flame bait.

You are right, im so sorry.
I’m using a GNOME desktop and I’m a regular user, I set up the “systemctl poweroff” command in gsconnect to turn off my computer if necessary.
In other distributions (like ubuntu, arch and etc) often did not require sudo to execute this command, but opensuse requires sudo to execute this command.
Is there a solution to this problem??

Yes, you are right,
I’m new in openSUSE and I want to know why it’s different.

Same here (Leap 15.3), first time. Whoops is that fast. rotfl!
FWIW, I have never set up “systemctl shutdown” in anyway, just works out of the box.

I don’t know why you do it that way. There should be an icon for power off, usually near the top right of the Gnome screen. You can click on that to shutdown, and the root password is not required for that.

Different distros made by different groups making different choices is a mistery. It’s like they learn how each other work then do it differently on purpose!

Regular users don’t run command line tools. They use the GUI and often that works out of the box. There are exceptions though like YaST.
A standard openSUSE installation draws a more visible line between user and admin. That’s why the root password is often required at the command line. This distinction is artificial for single-user installs but it doesn’t mean it can’t be changed.

In general:
To reduce the need to run commands as root, it helps to add your user to the wheel group.
To reduce the need to type root password when using sudo, then configure NOPASSWD for selected commands in sudoers.

Now, going off-topic, you mention you know how it works in Arch and doesn’t know how to fix, isn’t that something?

Hi
Yes…
https://forums.opensuse.org/attachment.php?attachmentid=1037&stc=1

As someone who uses Debian, Ubuntu and RHEL in various production systems, that’s simply not true.

My working conditions are such that sometimes I have to get away from my computer, I know how to turn off the computer, I did this (shutdown the computer with kdeconnect) for a time when I was away from my computer due to working conditions.

Maybe because we have different working conditions and I constantly have to get away from my computer and go to work.

Thank you.
I just wanted to know the reason for this difference, your explanation was helpful.
thanks again.

Ok.
I entered the following command today to view the status of the tor service:

systemctl status tor.service

I saw this message in the last output line:
Warning: some journal files were not opened due to insufficient permissions.
As a result, I have to import journals with sudo to view them.


I connect to vpn using the openvpn config.
When I click connect, it asks me for a password.


I was wondering why sudo should be used in this distribution for a series of commands, whereas in ubuntu this was not the case.
I love the openSUSE distribution and appreciate the community effort.
Some may think I’m stupid on this topic, but I was just curious.
Thank you all.

In my experience, shutting down from the command line has always required root.

Likewise, making network changes on linux has normally required root, unless you are running “NetworkManager” to manage the network. And that’s as it should be. There might be many people logged in, and an unprivileged user should not be able to mess with the system. But if this is intended as a single-user desktop (or laptop) system, then you should use NetworkManager for the network, and as far as I know, that allows you to do most things without root.

I do not know what gsconnect is. “systemctl poweroff” works in terminal emulator of regular user logged in GNOME desktop on local seat. No special configuration needed.

The screenshot in the message to which you are apparently replying does show NetworkManager requiring authorization. You sound as if NetworkManager has some built-in magic which it does not.

NetworkManager allows user to perform exactly those actions which are allowed. What is allowed is defined by PolicyKit configuration. It looks like OP has chosen “secure” or “paranoid” permissions which implicitly changes PolicyKit default configuration to be more restrictive. Or may be OP has explicitly set more restrictive PolicyKit configuration. Content of /etc/sysconfig/security would certainly be interesting.

In any case, this is not default behavior and OP must have done something to change default. Granted, may be without realizing it.

Have you ever tried to read journalctl man page? You will be surprised - this is the default documented behavior. And it even tells you quite clearly who is allowed to read journal files.

I was wondering why sudo should be used in this distribution for a series of commands, whereas in ubuntu this was not the case.

Because Ubuntu has different defaults.

Tumbleweed relies on polkit. Polkit reads rule files:

**erlangen:~ #** grep -ir vpn /etc/polkit-1/rules.d /usr/share/polkit-1/rules.d 
/etc/polkit-1/rules.d/90-default-privs.rules:           'net.connman.**vpn**.modify': 
/etc/polkit-1/rules.d/90-default-privs.rules:           'net.connman.**vpn**.secret': 
**erlangen:~ #**

Change rules as needed. For details see “man polkit”.