Users of the admin group should have a few policykit settings by default.
E.g. Manage system configuration
Entity: admin
Scope: always
How: Auth as admin (uid 1000)
Constraints: Must be on console, Must be in active session, Must be program /usr/bin/users-admin
Note: You need PolicyKit >= 0.8 for this.
With this example you don't need to enter your password to configure the users on your system. You only need your password on login (gdm, ssh, etc). Also no malware is allow to manage your system.
Isn't possible for malware to start this application and control it to manage my system configuration?
If this is possible, it would be also possible to control your admin app after you enter your password. So this is no issue.
Sorry, I opened a new idea instead of using idea #10132, but in this idea I can show people that my idea is possible.
