Provided by: oddjob_0.34.6-1_amd64

NAME

       oddjobd.conf - configuration for oddjobd

DESCRIPTION

       The /etc/oddjobd.conf configuration file specifies which services the oddjobd server provides over the
       D-Bus, and authorization rules which are enforced in addition to those enforced by the system message bus.

       The configuration file is an XML document.  The top-level element type is <oddjobconfig>, which contains
       one or more <service> elements.  Each <service> describes a service which will be provided on the
       system-wide message bus.

       Each <object> describes an object path which will be recognized by the specified service.  The
       object path may include wildcards, in which case any call to an object with a path name which matches the
       specified path will be accepted.  An object contains one or more  <interface>  elements,  each  of  which
       describes a group of methods described in <method> elements.

       Each <method> element must specify the method name as a value for its name attribute and may include a
       <helper> element which gives the name of an executable to run as its exec attribute and the number of arguments
       which will be expected from the D-Bus client and passed to the helper as its argument_count attribute.
       The <helper>'s exec attribute can include  one  or  more  command  line  arguments,  separated  from  the
       executable  by whitespace.  A <helper> may also include attributes indicating whether or not the invoking
       user's name should be prepended to  the  list  of  arguments  received  as  part  of  the  D-Bus  request
       (prepend_user_name,  with  recognized  values "yes" or "no"), and whether that set of arguments should be
       passed in to the helper via stdin (the default) or on its  command  line  (argument_passing_method,  with
       recognized values "stdin" and "cmdline").

       Each <oddjobconfig>, <service>, <object>, <interface>, or <method> element may also include authorization
       elements <allow> and <deny>.  Each <allow> or <deny> rule specifies  some  combination  of  a  user  name
       and/or a UID range which the invoking user must match for the rule to apply.  A rule can also specify the
       caller's SELinux context, user, role, or execution domain, and be applied or not based on whether or  not
       policy  is  being  enforced.   All  <deny> rules for the method are checked first, followed by all of its
       <allow> rules.  If no matches are found, the <deny> rules for  the  containing  <interface>  element  are
       checked,  followed  by  its  <allow>  rules, and so on.  If all ACLs are searched and no matches turn up,
       access is denied.
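
       The lookup order described above, as an added example that is not part of oddjob or of the original
       page. It resolves one caller against a constructed sample trimmed from the second example below.
       Assumptions: every attribute present on a rule must match, methods are found by name only, and
       SELinux attributes are not modelled; rule_matches, find_chain and decide are hypothetical names.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the ACL-relevant elements of the page's second example.
SAMPLE = """<?xml version="1.0"?>
<oddjobconfig>
 <allow user="wally"/>
 <service name="com.redhat.oddjob">
  <allow user="polly"/>
  <object name="/com/redhat/oddjob">
   <interface name="com.redhat.oddjob">
    <allow user="bob"/>
    <method name="pwd">
     <allow min_uid="0" max_uid="1000"/>
    </method>
    <method name="reboot">
    </method>
   </interface>
  </object>
 </service>
</oddjobconfig>"""

def rule_matches(rule, user, uid):
    # Assumption: every attribute present on a rule must match the caller;
    # SELinux attributes are not modelled.
    lo, hi = int(rule.get("min_uid", uid)), int(rule.get("max_uid", uid))
    return rule.get("user", user) == user and lo <= uid <= hi

def find_chain(node, method, chain=()):
    """Return the elements from the root down to the named <method>."""
    chain = chain + (node,)
    if node.tag == "method" and node.get("name") == method:
        return chain
    for child in node:
        found = find_chain(child, method, chain)
        if found:
            return found
    return None

def decide(config_xml, method, user, uid):
    """Return (verdict, tag of the element whose rule decided)."""
    chain = find_chain(ET.fromstring(config_xml), method)
    if chain is None:
        raise KeyError(method)
    for scope in reversed(chain):          # method, interface, ..., oddjobconfig
        for verdict in ("deny", "allow"):  # <deny> rules are checked first
            if any(rule_matches(r, user, uid) for r in scope.findall(verdict)):
                return verdict, scope.tag
    return "deny", "default"               # no rule matched at any level
```

       The reboot method carries no rules of its own, so every <allow> on an enclosing element (bob, polly,
       wally) grants it; auditing a file this way shows which outer rules a sensitive method inherits.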

       The oddjobd server will automatically supply information used by the  D-Bus  introspection  mechanism  on
       behalf  of  your objects, but only if the client which is requesting the information is allowed to invoke
       the Introspect method of the org.freedesktop.DBus.Introspectable interface provided by the object.

       The configuration file may also indicate that  the  contents  of  other  files  should  be  read  by  the
       configuration parser, using an <include> element.

EXAMPLES

       Here is an example file:
        <?xml version="1.0"?>
        <oddjobconfig/>

       Another:
        <?xml version="1.0"?>
        <oddjobconfig>
         <allow user="wally"/>
         <service name="com.redhat.oddjob">
          <allow user="polly"/>
          <object name="/com/redhat/oddjob">
           <allow user="holly"/>
           <interface name="com.redhat.oddjob">
            <allow user="bob"/>
            <method name="pwd">
             <helper exec="/bin/pwd" argument_count="0" prepend_user_name="no"/>
             <allow user="jimmy"/>
             <allow user="billy"/>
             <allow min_uid="0" max_uid="1000"/>
            </method>
            <method name="reboot">
             <helper exec="/sbin/reboot" argument_count="0"/>
            </method>
            <method name="flush-nscd">
             <helper exec="/sbin/nscd -i passwd -i group -i hosts" argument_count="0"/>
            </method>
           </interface>
           <interface name="org.freedesktop.DBus.Introspectable">
            <allow min_uid="0" max_uid="0"/>
           </interface>
          </object>
         </service>
         <include ignore_missing="yes">/etc/oddjobd-local.conf</include>
         <include ignore_missing="yes">/etc/oddjobd.conf.d/*.conf</include>
        </oddjobconfig>

       And another:
        <?xml version="1.0"?>
        <oddjobconfig>
         <service name="com.example.management">
          <object name="/com/example/power">
           <interface name="com.example.shutdown">
            <method name="reboot">
             <allow user="root"/>
             <helper exec="/sbin/reboot" argument_count="0"/>
            </method>
           </interface>
           <interface name="org.freedesktop.DBus.Introspectable">
            <allow min_uid="0" max_uid="0"/>
           </interface>
          </object>
          <object name="/com/example/power">
           <interface name="com.example.shutdown">
            <method name="poweroff">
             <allow user="root"/>
             <helper exec="/sbin/poweroff" argument_count="0"/>
            </method>
           </interface>
           <interface name="org.freedesktop.DBus.Introspectable">
            <allow min_uid="0" max_uid="0"/>
           </interface>
          </object>
         </service>
        </oddjobconfig>

SEE ALSO

       oddjob_request(1) oddjob.conf(5) oddjobd(8)