generally speaking every modern based webgui is working as a client itself against API libs (think about xenorchestra, an npm based xen web management gui, really well done).
I agree that login as root on a linux box (throught cli,gui,webgui) is generally a worst and bad pratice.
What about using Cockpit privilege escalation ? If I remember well, Cockpit permits and manages user privileges escalation through sudo or polkit api. So you do not need to login as root directly, but with a sudoer user, with a limited set of commands available (maybe you could limit commands avail…so you could parse and disallow things like “rm -rf” or cat /etc/password for example).
just my 2c