2 files changed, 28 insertions, 0 deletions

diff --git a/doc/guix.texi b/doc/guix.texi
index 661aa41785..0a7713e7ac 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -15591,6 +15591,13 @@ capabilities to ordinary users.  For example, an ordinary user can be granted
 the capability to suspend the system if the user is logged in locally.
 @end deffn
 
+@defvr {Scheme Variable} polkit-wheel-service
+Service that adds the @code{wheel} group as admins to the Polkit
+service.  This makes it so that users in the @code{wheel} group are queried
+for their own passwords when performing administrative actions instead of
+@code{root}'s, similar to the behaviour used by @code{sudo}.
+@end defvr
+
 @defvr {Scheme Variable} upower-service-type
 Service that runs @uref{https://upower.freedesktop.org/, @command{upowerd}}, a
 system-wide monitor for power consumption and battery levels, with the given
diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm
index 0152e86e8a..9eee2fa485 100644
--- a/gnu/services/desktop.scm
+++ b/gnu/services/desktop.scm
@@ -135,6 +135,8 @@
             inputattach-configuration?
             inputattach-service-type
 
+            polkit-wheel-service
+
             %desktop-services))
 
 ;;; Commentary:
@@ -1066,6 +1068,25 @@ dispatches events from it.")))
 
 
 ;;;
+;;; polkit-wheel-service -- Allow wheel group to perform admin actions
+;;;
+
+(define polkit-wheel
+  (file-union
+   "polkit-wheel"
+   `(("share/polkit-1/rules.d/wheel.rules"
+      ,(plain-file
+        "wheel.rules"
+        "polkit.addAdminRule(function(action, subject) {
+    return [\"unix-group:wheel\"];
+});
+")))))
+
+(define polkit-wheel-service
+  (simple-service 'polkit-wheel polkit-service-type (list polkit-wheel)))
+
+
+;;;
 ;;; The default set of desktop services.
 ;;;