oddjobd.conf(5)               File Formats Manual              oddjobd.conf(5)

NAME

       oddjobd.conf - configuration for oddjobd

DESCRIPTION

       The /etc/oddjobd.conf configuration file specifies which services the
       oddjobd server provides over the D-Bus, and authorization rules which
       are enforced in addition to those enforced by the system message bus.

       The configuration file is an XML document.  The top-level element type
       is <oddjobconfig>, which contains one or more <service> elements.  Each
       <service> describes a service which will be provided on the system-wide
       message bus.

       Each <object> describes an object path which will be recognized by the
       specified service.  The object path may include wildcards, in which
       case any call to an object with a path name which matches the specified
       path will be accepted.  An object contains one or more <interface>
       elements, each of which describes a group of methods described in
       <method> elements.

       Each <method> element must specify the method name as a value for its
       name attribute and may include a <helper> element which specifies the
       name of an executable to run as its exec attribute and the number of
       arguments which will be passed to the helper as its argument_count
       attribute.  A <helper> may also include attributes indicating whether
       or not the invoking user's name should be prepended to that argument
       list, and whether that argument list should be passed in to the helper
       via stdin (the default) or on its command line.

       Each <oddjobconfig>, <service>, <object>, <interface>, or <method>
       element may also include authorization elements <allow> and <deny>.
       Each <allow> or <deny> rule specifies some combination of a user name
       and/or a UID range which the invoking user must match for the rule to
       apply.  A rule can also specify the caller's SELinux context, user,
       role, or execution domain, and be applied or not based on whether or
       not policy is being enforced.  All <deny> rules for the method are
       checked first, followed by all of its <allow> rules.  If no matches are
       found, the <deny> rules for the containing <interface> element are
       checked, followed by its <allow> rules, and so on.  If all ACLs are
       searched and no matches turn up, access is denied.

       The oddjobd server will automatically supply information used by the
       D-Bus introspection mechanism on behalf of your objects, but only if
       the client which is requesting the information is allowed to invoke the
       Introspect method of the org.freedesktop.DBus.Introspectable interface
       provided by the object.

       The configuration file may also indicate that the contents of other
       files should be read by the configuration parser, using an <include>
       element.

EXAMPLES

       Here is an example file:
        <?xml version="1.0"?>
        <oddjobconfig/>

       Another:
        <?xml version="1.0"?>
        <oddjobconfig>
         <allow user="wally"/>
         <service name="com.redhat.oddjob">
          <allow user="polly"/>
          <object name="/com/redhat/oddjob">
           <allow user="holly"/>
           <interface name="com.redhat.oddjob">
            <allow user="bob"/>
            <method name="pwd">
             <helper exec="/bin/pwd" argument_count="0" prepend_user_name="no"/>
             <allow user="jimmy"/>
             <allow user="billy"/>
             <allow min_uid="0" max_uid="1000"/>
            </method>
            <method name="reboot">
             <helper exec="/sbin/reboot" argument_count="0"/>
            </method>
           </interface>
           <interface name="org.freedesktop.DBus.Introspectable">
            <allow min_uid="0" max_uid="0"/>
           </interface>
          </object>
         </service>
         <include ignore_missing="yes">/etc/oddjobd-local.conf</include>
         <include ignore_missing="yes">/etc/oddjobd.conf.d/*.conf</include>
        </oddjobconfig>

       And another:
        <?xml version="1.0"?>
        <oddjobconfig>
         <service name="com.example.management">
          <object name="/com/example/power">
           <interface name="com.example.shutdown">
            <method name="reboot">
             <allow user="root"/>
             <helper exec="/sbin/reboot" argument_count="0"/>
            </method>
           </interface>
           <interface name="org.freedesktop.DBus.Introspectable">
            <allow min_uid="0" max_uid="0"/>
           </interface>
          </object>
          <object name="/com/example/power">
           <interface name="com.example.shutdown">
            <method name="poweroff">
             <allow user="root"/>
             <helper exec="/sbin/poweroff" argument_count="0"/>
            </method>
           </interface>
           <interface name="org.freedesktop.DBus.Introspectable">
            <allow min_uid="0" max_uid="0"/>
           </interface>
          </object>
         </service>
        </oddjobconfig>
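
       The ACL search order from DESCRIPTION, applied to a trimmed copy of the
       second example file, as an added audit sketch that is not part of the
       oddjob manual or its source.  The names rule_matches and decide are
       hypothetical; it assumes a rule applies only when every attribute it
       sets matches, and it ignores SELinux attributes, wildcards and
       <include>.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed copy of the second example file on this page.
SAMPLE = """<oddjobconfig>
 <allow user="wally"/>
 <service name="com.redhat.oddjob">
  <allow user="polly"/>
  <object name="/com/redhat/oddjob">
   <allow user="holly"/>
   <interface name="com.redhat.oddjob">
    <allow user="bob"/>
    <method name="pwd">
     <helper exec="/bin/pwd" argument_count="0" prepend_user_name="no"/>
     <allow user="jimmy"/>
     <allow min_uid="0" max_uid="1000"/>
    </method>
    <method name="reboot">
     <helper exec="/sbin/reboot" argument_count="0"/>
    </method>
   </interface>
  </object>
 </service>
</oddjobconfig>"""

def rule_matches(rule, user, uid):
    """Assumption: a rule applies only if every attribute it sets matches.
    Only user/min_uid/max_uid are modelled; SELinux attributes are ignored."""
    if "user" in rule.attrib and rule.get("user") != user:
        return False
    if "min_uid" in rule.attrib and uid < int(rule.get("min_uid")):
        return False
    if "max_uid" in rule.attrib and uid > int(rule.get("max_uid")):
        return False
    return True

def decide(config_xml, path, user, uid):
    """path = (service, object, interface, method) names, matched literally
    (no wildcards). Returns (verdict, tag of the element that decided)."""
    chain = [ET.fromstring(config_xml)]  # outermost element first
    for tag, name in zip(("service", "object", "interface", "method"), path):
        nxt = next((e for e in chain[-1].findall(tag) if e.get("name") == name), None)
        if nxt is None:
            return ("deny", "unknown " + tag)
        chain.append(nxt)
    for elem in reversed(chain):  # method first, then outward
        for verdict in ("deny", "allow"):  # <deny> rules before <allow> rules
            if any(rule_matches(r, user, uid) for r in elem.findall(verdict)):
                return (verdict, elem.tag)
    return ("deny", "default")  # no rule matched anywhere
```

       The reboot method carries no rules of its own, so its verdict comes
       from the enclosing elements: bob, holly, polly and wally may all
       invoke it in this sample.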

SEE ALSO

       oddjob_request(1) oddjob.conf(5) oddjobd(8)

oddjob Manual                    5 April 2006                  oddjobd.conf(5)