sudo for polkit
Call me old-fashioned, but I usually configure my systems to have a root account, and I do everything which requires root privileges as root. With one exception: I like to be able to update the system without having to enter a password. All system which I administer are running rolling-release distributions (Arch or Debian Sid/Testing) for which updates are frequent.
For updating from the command line, sudo is the method of choice. Note that neither Arch nor Debian have sudo installed by default. Also note that manual changes are now expected to be placed in a separate file in /etc/sudoers.d instead of directly in /etc/sudoers. To edit this file, use 'visudo -f filename' (don't use an extension, since filenames containing a period "." will be ignored). Everything else is self-explaining.
But what if you're planning to use a front-end which does not respect these settings since it responds to a different framework to control user privileges?
I've encountered this problem with pamac, which listens to polkit. In this case, and as explained in detail by the Arch Wiki, one has to create a custom rule in /etc/polkit-1/rules.d/. To allow, for example, all users in the group wheel to update without having to enter a password, I've put there the following as 49-passwordless-pamac.rules:
/* Allow members of the wheel group to update with pamac * without password authentication, similar to "sudo NOPASSWD:" */ polkit.addRule(function(action, subject) { if ((action.id == "org.manjaro.pamac.commit") && subject.isInGroup("wheel")) { return polkit.Result.YES; } });