I want to have a passwordless user account. My system is encrypted, so there’s no need for me to use two passwords.
However, when I remove my password from /etc/shadow, Gnome keeps asking for that password when I need to change certain settings or use Graphical Applications with elevated privileges (such as GParted).
How do I completely eliminate the need for a password?
I think you can configure polkit to allow any action for your user account, have a look at the example here and the linked documentation:
https://search.nixos.org/options?channel=unstable&show=security.polkit.extraConfig
In general, I wouldn’t recommend this though 
Well, I didn’t understand what exactly I’m supposed to do with the info from that link, would you care to elaborate?
By the way, I don’t think there’s a security concern in not having a password for my user account. My root account has one and the system is encrypted. I’m also the only one using this machine.
EDIT: in case this was not clear, polkit is what’s responsible for those dialogs asking for a password, that’s why we’re looking at the polkit config here.
I think you could add something like this:
{
config = {
security.polkit.extraConfig = ''
polkit.addRule(function(action, subject) {
if subject.isInGroup("wheel") return "yes";
});
'';
};
}
Which would make polkit grant root access without a password to any user in the wheel group.
What you’re asking for is basically circumventing the root password on your machine, since you want polkit to grant you root privileges without any password.
An alternative would be to have polkit ask for the root password instead, which would be more secure.
Also, the disk encryption only protects you when your system is either powered off or hibernated, when it’s turned on or suspended, anyone can simply access your account since it doesn’t have a password. But of course it’s up to you to evaluate this risk given how you use this system etc.
If polkit asked for the root password, that would be okay-ish. The problem is that it asks for my user password, not the root one. I don’t have and don’t want to use a password for my regular user account. My root account has a password.
The problem that arises then is that it keeps asking for a password that does not exist.
Either way, I’ll try this snippet you linked.
By the way, I am using linux for a couple decades now, these so-called risks are much more hypothetical than real. No one is gonna try to access my computer while it’s on. But thanks for the reminder.
I’m coming back in a minute to see if the polkit trick worked, many thanks.
If you’d prefer to be asked for the root password, you can just set
security.polkit.adminIdentities = [ ];
The default is to consider members of wheel as admins, so that for those users polkit will ask for the password of the user instead of the root password. If you set an empty list instead, then no-one except root will be considered an admin (by polkit) and so you will always be asked for the root password.
Funnily enough, after adding the first snippet your mentioned and rebooting the system, it began to ask for the root password instead of the user password.
I’ll change it to this last line instead to avoid any confusion, thanks.
Either way, problem solved, many thanks.