Adding more groups like "flatpak" to allow nonwheel users to do specific privileged tasks?

Currently there are certain things that require a user to be in the wheel group to use them.

I am thinking of mounting and decrypting LUKS SSDs on the PC, or using the partitionmanagers.

I am not sure about the second one, but the first (explicitly two actions: mount & unlock) could be allowed to users in a certain group like this:

polkit.addRule(function(action, subject) {
    if ( == "org.freedesktop.udisks2.encrypted-unlock-system" || == "org.freedesktop.udisks2.filesystem-mount-system" && == true && subject.local == true &&
        subject.isInGroup("diskadmin")) {
        return polkit.Result.YES;

for granting such granular permission, just like with plugdev, flatpak or libvirt permissions, a new group or multiple ones would be needed.

Where would I propose this? Would this be done fedora-wide, or also in RHEL? Would this never reach upstream for… reasons and users would need to do it themselves?


I like the idea, and I assume that you would need to have umount?

Added adb, cups, libvirt

this belongs to the set of “wheel-less” things that need manual config