A logged-in admin should not need to type the password

In Windows (at least XP, 7, 10), once you are logged in as an admin, when you make any system changes, just a window (UAC) pops up asking you to confirm, without you having to enter your password.

Cannot Zorin be made to work similarly?
The pop-up window itself may be optional (unless good for security); the main feature is just making the user confirm the system change.

Well, as has been stated many times, Windows is not GNU/Linux and GNU/Linux is not Windows, thankfully. This is why GNU/Linux is more secure than Windows. I suspect you are referring to the GNOME keyring. You can disable this. Pretty sure @Aravisian has recently posted on how to disable this.

1 Like

If you want it to act like Windows, use Windows instead. Linux is different and should be used that way. As @swarfendor437 said, there's a reason why Linux is more secure than Windows. It may be annoying for some, but we are some that appreciate that way.

I get it that having to repeatedly type the password with sudo is an additional measure for physical / in person security. But for those that are not worried about that - which I think is a lot of people - how does it make it more secure?
Also, people are tempted to use shorter passwords knowing they will have to type them in so many times during a session.

You could create a root user account. It is not recommended, but it can be done.

Or you can edit /etc/sudoers, but at your own risk. It is not recommended. It is best to make a backup copy before you edit the /etc/sudoers file. Instead of editing this file, you could create an entry in /etc/sudoers.d and make sure that the file in /etc/sudoers is included (@includedir /etc/sudoers.d). Please be very careful and inform yourself well before you change anything here. An incorrect entry in this file can lock you out of the system.

Another solution than in the links would be to add
"Defaults:USER_NAME !authenticate"
to the sudoers file.

However, editing this file only eliminates the need to enter the password in the terminal. If you want to install/remove software via graphical programs such as Gnome Software or Synaptic or when you want to update programs via software updater, you will still be asked for a password. These queries of GUI apps would then have to be deactivated separately via polkit.

https://askubuntu.com/questions/614534/disable-authentication-prompts-in-15-04-and-later-versions/614537#614537

3 Likes

For me personally it is not an issue, and my passwords are not simple. I stick to 16 characters. Then again I can touch type which makes a difference which I learned at Secondary (High) School.

1 Like

Keep in mind that using sudo is not the same thing as being logged in as an administrator. This command is only a convenient way to ask for permission one time, and is not intended to be used continuously.

Once you've entered your password, you can run sudo without having to re-type it for about 5 minutes, so it won't be too annoying:

Obviously, I recommend against this... it's a security feature. Keep in mind that every time you close the terminal window this timeout disappears. That means that on every new terminal session you still need to type your password at least once.

Using a root account is tempting... but should be used carefully, too. The intended use of that is to log in as root, do whatever you need to do, then log out. So, you will still have to type a password at least once (the root user's).

By the way, all of this applies only to terminal sessions, not graphical interactions like with the Software Store. I'm not really sure how to make any of those changes there, or even if you can.

4 Likes

With 3-5 seconds to enter your password, and just 3 times a day, it's about 1...1.5 hours per year, almost 5...8 work days over 40 years!
Collectively, the about 33 million Linux users waste over 30...50 million hours per year typing passwords 🙂
(unless they use much shorter passwords)

@Forpli , @zenzen thank you for the ideas and links!

1 Like

And with that out of the way, they go on to waste hundreds of millions of hours doing whatever came after the password, most of it on youtube, reddit or 4chan.

1 Like

Not that it does anything to mollify someone who wants not to re-enter their password, but my user password is 16 keypresses, my encryption password is 30, and my password manager password is 22.

I'd still rather type than stay in an elevated state.

3 Likes

Do you know where I can start reading about this?

This can be fixed by adding, with sudo visudo:
Defaults timestamp_type=global
which will make the same countdown ("timestamp") for "sudo" apply across any terminal session (new or concurrent), even at a different "tty" interface/connection.
If you also change:
Defaults timestamp_timeout=-1
then you don't need to type the passwd again until after reboot.

Indeed:



As if the OS doesn't "know" that an admin has logged in...
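
The sudoers settings suggested in this thread (`!authenticate`, `timestamp_type=global`, `timestamp_timeout=-1`) each widen the window in which sudo runs without a password. As an added example that is not part of any post, this Python audit lists such entries in sudoers text so they can be reviewed later. The sample file, the user names, `audit_sudoers`, the 15-minute threshold and the `NOPASSWD` check are assumptions of this example, and the input is assumed to already pass `visudo -c`.

```python
import re
# Constructed sample: a sudoers drop-in combining the settings from this thread.
SAMPLE = """\
# /etc/sudoers.d/90-example (constructed)
Defaults env_reset
Defaults:alice !authenticate
Defaults timestamp_type=global, \\
         timestamp_timeout=-1
%sudo ALL=(ALL:ALL) ALL
carol ALL=(ALL) NOPASSWD: ALL
"""

DEFAULTS_RE = re.compile(r"^Defaults(?P<scope>[:@>!]\S+)?\s+(?P<params>.+)$")

def logical_lines(text):
    """Yield (first_line_number, line) with backslash continuations joined."""
    buf, start = "", 0
    for n, raw in enumerate(text.splitlines(), 1):
        start = start if buf else n
        buf += raw.rstrip()
        if buf.endswith("\\"):
            buf = buf[:-1] + " "
            continue
        yield start, buf.strip()
        buf = ""

def audit_sudoers(text, max_timeout=15.0):  # threshold in minutes, chosen for this example
    """List (line, scope, setting, reason) for entries that relax authentication."""
    out = []
    for n, line in logical_lines(text):
        if not line or line.startswith("#"):
            continue
        m = DEFAULTS_RE.match(line)
        if not m:
            # NOPASSWD is not from the thread: it is the per-rule form of the same relaxation.
            if re.search(r"\bNOPASSWD\s*:", line):
                out.append((n, line.split()[0], "NOPASSWD", "rule runs without a password"))
            continue
        scope = m.group("scope") or "(all users)"
        for p in (s.strip() for s in m.group("params").split(",")):
            name, _, value = (x.strip() for x in p.partition("="))
            if name == "!authenticate":
                out.append((n, scope, p, "sudo never asks for a password"))
            elif name == "timestamp_type" and value == "global":
                out.append((n, scope, p, "one authentication covers every terminal"))
            elif name == "timestamp_timeout" and float(value) < 0:
                out.append((n, scope, p, "cached authentication lasts until reboot"))
            elif name == "timestamp_timeout" and float(value) > max_timeout:
                out.append((n, scope, p, "cache window longer than %g minutes" % max_timeout))
    return out
```

To audit a real system, pass in the contents of `/etc/sudoers` and each file under `/etc/sudoers.d`; a later `Defaults` line can override an earlier one, so treat the findings as lines to review rather than the effective policy.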

There really is no such thing as an admin in Linux. The closest thing as such is the "root" user which you do not want to use as your regular session when logging in. Anything else are simply regular users that have permissions to this or that resource.

It's important to understand that Linux is primarily developed for servers, where it's the equivalent of Windows on desktops: everyone uses it. Leaving an unattended session for someone to sneak in and start running commands is a security risk.
Consider also that most sessions are started remotely through SSH, and that servers are usually meant to be running internet-facing services that themselves are vulnerable to attacks.

This is all to say that it is not so easy to guarantee that only a few certain people are going to have access, as it would otherwise be on a laptop at home.

But even then, I wouldn't change it. The extra couple of seconds that it takes to type my password is well worth it, in my view.

2 Likes

With these gui apps, access is not controlled via sudo but via policykit (pkexec).
I have found another guide here, but I am not sure if it works in Ubuntu 22.04 and I have no access to my PC at the moment. Unfortunately the posts are pretty old, but perhaps you can find some information.

https://askubuntu.com/questions/383747/how-to-configure-pkexec-to-not-ask-for-password

https://askubuntu.com/questions/98006/how-do-i-prevent-policykit-from-asking-for-a-password

Please note that you cannot adopt the suggestions in the links 1:1, as some of them refer to older Ubuntu versions and some of them are outdated. Nevertheless, it may help you to find a solution.

For future (Zorin 18), perhaps you can adapt it to work now:

In Zorin 17.3 (Ubuntu 22.04) you need to create a .pkla file; in newer versions like Ubuntu 24.04 there are rules files.

1 Like

This was a bit beside the main point, but, as a comment:
I understand where you're coming from given the historical categories of "users" in Linux (root, regular, service...), however, in practice nowadays:
Next is right in my Zorin Settings:


And a quick search online for "admin user in linux" shows it's a common term. It appears to be mainly users who are added to the "sudo" group.

I agree with that, at least because with it, you could run destructive commands without any warning, like the rm -rf /

I browsed a bit the "man" for just "sudo", "sudoers" and I see tons of configurations possible, thus it seems to me it should be possible to morph a bit a Linux distribution to be better suitable for a personal home computer.
Which I think would fall on the shoulders of a Distribution's maintainers?... That aims to make it easier/ more attractive especially to ex-Windows users.
To avoid making accidental changes to the system, I found the Windows's approach of a persistent UAC asking to press yes/no more than enough.

Could also have an option to enable/disable the extra check of the password at every admin-level task.

Yes, it is a common term because the word "administrator" already means something outside of the realm of IT. Comparisons like this are useful to get a good grip of what you mean without having to go too deep into the details, but that doesn't necessarily mean they are accurately used. But anyway, I don't want to get too technical about this.

In Linux you can change plenty of things, and everyone has different needs. I'm simply more in favor of being explicit when it comes to security.

1 Like

Another thing you could check (if you have the know-how) is to see if your device has a functional fingerprint reader; if it's the case, some good explanation that shows you how to use it as "password" after your first unlock of the device.

If not, I think there is a way to do this also with a YubiKey, so you can use a strong and complicated password only used to unlock the device and maintain an "easy" yet secure "admin / sudo" command.

1 Like

What do you think of this scheme:
use a second, regular/non-admin (non-sudo) user account for any browsing needs, including researching what needs to be downloaded.
From the admin account (sudo-er) - never browse the web, to minimize the chance of infection. Allow the sudo-er to reach into the other account's files, but not the other way around.
Then, for ease of use, copy-paste the (long) password, stored in some file, whenever you need sudo in this account.

Would you consider it secure enough?
For added security - store that pass in a usb key that you'd insert when needed.

Yes, and that's pretty much how things work in most Linux distributions by default.

Packages like sudo exist as a convenience to gain temporary access to perform common tasks that require additional permissions more quickly. But traditionally you are supposed to log into the root user account for that.

The problem is convenience introduces risks, as seen in recent news. But security is not an absolute term and everyone needs to assess whether the risks are worth it or not.

I'd prefer to use a password manager for this, because then the password would be encrypted.
The clipboard is also not a secured place to store passwords, even temporarily, since it can be read by any program. Of course, it might not be a big deal depending on your own use case, etc. But I thought I'd mention it just in case.
Another feature of password managers is that they can simulate key presses for you when used in certain windows, so nothing goes through the clipboard.

Although under Wayland this might be different, as I seem to remember only the application that is currently focused can read the clipboard. Not sure how that works for background services, however.

But using an external / additional authentication mechanism is always a good idea. Using a Yubikey, for example as mentioned above. Although that needs some configuring, and I'm not sure how that works as I've never used it myself.