polkit: desabilita todos os usuários, exceto aqueles na roda do grupo?

É possível fazer o seguinte usando 1 arquivo polkit .pkla?

1. Desabilitar todos os usuários, exceto os do grupo wheel, de usar o polkit.
2. Os usuários no grupo de rodas precisarão fornecer a senha de root ao usar o polkit.

/etc/polkit-1/localauthority/50-local.d/99-wheel-only.pkla

[disable all users except the wheel group]
Identity=unix-group:wheel
Action=*
ResultAny=???
ResultInactive=???
ResultActive=???

O seguinte arquivo funciona, mas você precisa fornecer todos os usuários em / etc / group:

[disable all users except those in the wheel group: root and myuser]
Identity=unix-user:daemon;unix-user:bin;unix-user:sys;unix-user:adm;unix-user:tty;unix-user:disk;unix-user:lp;unix-user:mail;unix-user:news;unix-user:uucp;unix-user:man;unix-user:proxy;unix-user:kmem;unix-user:dialout;unix-user:fax;unix-user:voice;unix-user:cdrom;unix-user:floppy;unix-user:tape;unix-user:sudo;unix-user:audio;unix-user:dip;unix-user:www-data;unix-user:backup;unix-user:operator;unix-user:list;unix-user:irc;unix-user:src;unix-user:gnats;unix-user:shadow;unix-user:utmp;unix-user:video;unix-user:sasl;unix-user:plugdev;unix-user:staff;unix-user:games;unix-user:users;unix-user:nogroup;unix-user:libuuid;unix-user:crontab;unix-user:messagebus;unix-user:Debian-exim;unix-user:mlocate;unix-user:avahi;unix-user:netdev;unix-user:bluetooth;unix-user:lpadmin;unix-user:ssl-cert;unix-user:fuse;unix-user:utempter;unix-user:Debian-gdm;unix-user:scanner;unix-user:saned;unix-user:i2c;unix-user:haldaemon;unix-user:powerdev
Action=*
ResultAny=no
ResultInactive=no
ResultActive=no