oddjobd.conf(5)               File Formats Manual              oddjobd.conf(5)

NAME

       oddjobd.conf - configuration for oddjobd

DESCRIPTION

       The /etc/oddjobd.conf configuration file specifies which services the
       oddjobd server provides over the D-Bus, and authorization rules which
       are enforced in addition to those enforced by the system message bus.

       The configuration file is an XML document.  The top-level element type
       is <oddjobconfig>, which contains one or more <service> elements.  Each
       <service> describes a service which will be provided on the system-wide
       message bus.

       Each <object> describes an object path which will be recognized by the
       specified service.  The object path may include wildcards, in which
       case any call to an object with a path name which matches the specified
       path will be accepted.  An object contains one or more <interface>
       elements, each of which describes a group of methods described in
       <method> elements.

       Each <method> element must specify the method name as a value for its
       name attribute and may include a <helper> element which gives the name
       of an executable to run as its exec attribute and the number of
       arguments which will be expected from the D-Bus client and passed to
       the helper as its argument_count attribute.  The <helper>'s exec
       attribute can include one or more command line arguments, separated
       from the executable by whitespace.  A <helper> may also include
       attributes indicating whether or not the invoking user's name should be
       prepended to the list of arguments received as part of the D-Bus
       request (prepend_user_name, with recognized values "yes" or "no"), and
       whether that set of arguments should be passed in to the helper via
       stdin (the default) or on its command line (argument_passing_method,
       with recognized values "stdin" and "cmdline").

       Each <oddjobconfig>, <service>, <object>, <interface>, or <method>
       element may also include authorization elements <allow> and <deny>.
       Each <allow> or <deny> rule specifies some combination of a user name
       and/or a UID range which the invoking user must match for the rule to
       apply.  A rule can also specify the caller's SELinux context, user,
       role, or execution domain, and be applied or not based on whether or
       not policy is being enforced.  All <deny> rules for the method are
       checked first, followed by all of its <allow> rules.  If no matches are
       found, the <deny> rules for the containing <interface> element are
       checked, followed by its <allow> rules, and so on.  If all ACLs are
       searched and no matches turn up, access is denied.

       The oddjobd server will automatically supply information used by the
       D-Bus introspection mechanism on behalf of your objects, but only if
       the client which is requesting the information is allowed to invoke the
       Introspect method of the org.freedesktop.DBus.Introspectable interface
       provided by the object.

       The configuration file may also indicate that the contents of other
       files should be read by the configuration parser, using an <include>
       element.

EXAMPLES

       Here is an example file:
        <?xml version="1.0"?>
        <oddjobconfig/>

       Another:
        <?xml version="1.0"?>
        <oddjobconfig>
         <allow user="wally"/>
         <service name="com.redhat.oddjob">
          <allow user="polly"/>
          <object name="/com/redhat/oddjob">
           <allow user="holly"/>
           <interface name="com.redhat.oddjob">
            <allow user="bob"/>
            <method name="pwd">
             <helper exec="/bin/pwd" argument_count="0" prepend_user_name="no"/>
             <allow user="jimmy"/>
             <allow user="billy"/>
             <allow min_uid="0" max_uid="1000"/>
            </method>
            <method name="reboot">
             <helper exec="/sbin/reboot" argument_count="0"/>
            </method>
            <method name="flush-nscd">
             <helper exec="/sbin/nscd -i passwd -i group -i hosts" argument_count="0"/>
            </method>
           </interface>
           <interface name="org.freedesktop.DBus.Introspectable">
            <allow min_uid="0" max_uid="0"/>
           </interface>
          </object>
         </service>
         <include ignore_missing="yes">/etc/oddjobd-local.conf</include>
         <include ignore_missing="yes">/etc/oddjobd.conf.d/*.conf</include>
        </oddjobconfig>

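       The search order from DESCRIPTION applied to a cut-down copy of the
       file above, as an added example (not part of oddjob or of the original
       manual page).  It assumes unique element names, no wildcards, no
       <include> processing and no SELinux attributes; decide() and
       rule_matches() are hypothetical helper names.  The reboot method
       carries no rules of its own, so the <allow> rules of its enclosing
       elements decide who may call it.

```python
import xml.etree.ElementTree as ET
# Constructed sample, cut down from the second file under EXAMPLES.
SAMPLE = """<oddjobconfig>
 <allow user="wally"/>
 <service name="com.redhat.oddjob">
  <object name="/com/redhat/oddjob">
   <interface name="com.redhat.oddjob">
    <allow user="bob"/>
    <method name="pwd">
     <helper exec="/bin/pwd" argument_count="0" prepend_user_name="no"/>
     <allow min_uid="0" max_uid="1000"/>
    </method>
    <method name="reboot">
     <helper exec="/sbin/reboot" argument_count="0"/>
    </method>
   </interface>
  </object>
 </service>
</oddjobconfig>"""

def rule_matches(rule, user, uid):
    # Assumption: a rule applies when every user/UID attribute it sets matches;
    # rules carrying only SELinux attributes are skipped by this sketch.
    if not {"user", "min_uid", "max_uid"} & set(rule.attrib):
        return False
    if "user" in rule.attrib and rule.get("user") != user:
        return False
    lo, hi = rule.get("min_uid"), rule.get("max_uid")
    return (lo is None or uid >= int(lo)) and (hi is None or uid <= int(hi))

def decide(xml_text, names, user, uid):
    """names = (service, object, interface, method); returns 'allow' or 'deny'."""
    chain = [ET.fromstring(xml_text)]
    for tag, name in zip(("service", "object", "interface", "method"), names):
        found = [e for e in chain[-1].findall(tag) if e.get("name") == name]
        if not found:
            return "deny"  # target not configured
        chain.append(found[0])
    # Innermost element first; at each level <deny> is checked before <allow>.
    for level in reversed(chain):
        for verdict in ("deny", "allow"):
            if any(rule_matches(r, user, uid) for r in level.findall(verdict)):
                return verdict
    return "deny"  # all ACLs searched, no match

REBOOT = ("com.redhat.oddjob", "/com/redhat/oddjob", "com.redhat.oddjob", "reboot")
PWD = REBOOT[:3] + ("pwd",)
if __name__ == "__main__":
    for who, uid in (("wally", 1500), ("bob", 1501), ("carol", 1502), ("carol", 900)):
        print(who, uid, "reboot:", decide(SAMPLE, REBOOT, who, uid), "pwd:", decide(SAMPLE, PWD, who, uid))
```
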
       And another:
        <?xml version="1.0"?>
        <oddjobconfig>
         <service name="com.example.management">
          <object name="/com/example/power">
           <interface name="com.example.shutdown">
            <method name="reboot">
             <allow user="root"/>
             <helper exec="/sbin/reboot" argument_count="0"/>
            </method>
           </interface>
           <interface name="org.freedesktop.DBus.Introspectable">
            <allow min_uid="0" max_uid="0"/>
           </interface>
          </object>
          <object name="/com/example/power">
           <interface name="com.example.shutdown">
            <method name="poweroff">
             <allow user="root"/>
             <helper exec="/sbin/poweroff" argument_count="0"/>
            </method>
           </interface>
           <interface name="org.freedesktop.DBus.Introspectable">
            <allow min_uid="0" max_uid="0"/>
           </interface>
          </object>
         </service>
        </oddjobconfig>

SEE ALSO

       oddjob_request(1) oddjob.conf(5) oddjobd(8)

oddjob Manual                    24 June 2015                  oddjobd.conf(5)