/etc/oddjobd.conf is in oddjob 0.34.3-2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
<?xml version="1.0"?>
<!-- This configuration file controls the oddjob daemon. It controls
which requests the daemon will recognize, and whether or not it
will attempt to fulfill them on the behalf of particular users.

Each <oddjobconfig> contains a mixture of <service> and <include> nodes.

Each <service> element corresponds to a well-known D-Bus address (given
in the "name" attribute) which the oddjobd daemon will answer to. It
may contain one or more <object> elements which each describe an object
path. Each <object>, in turn, is named by its "name" attribute.

Each <object> element must also contain zero or more <interface>
elements, which are named by their "name" attributes and correspond to
names of interfaces which the object implements.

Each <interface> element must contain zero or more <method>
elements, which are named by their "name" attributes. Each
<method> node corresponds to a D-Bus method implemented by the
object as part of the interface.

Each method must include an access-control list which contains at
least one rule, or the daemon will ignore any attempts to call the
method.

When checking if a client is allowed to use a method, all deny
rules are processed, then all allow rules. The first rule which
matches the user decides whether access is allowed or denied.

Access rules can specify either a user (using the "user"
attribute), or a range of UIDs (using the "min_uid" and "max_uid"
attributes).

If SELinux support was compiled in, then a rule can also specify
whether or not it applies if the SELinux policy is being enforced
("selinux_enforcing"), or what the caller's SELinux context
("selinux_context"), user ("selinux_user"), role ("selinux_role"),
or type ("selinux_type") must be for that rule to apply.

A method may, as part of its definition, specify an external
program which is to be run when the method is invoked, by including
a <helper> node. The <helper> node should include an "exec"
attribute naming the external program which will be launched to
accomplish the given task. Depending on the value of its
"argument_passing_method" attribute, it will receive its arguments
either over stdin, one argument per line, or on the command line.
Depending on the value of the "prepend_user_name" attribute, the
argument list may or may not begin with the calling user's name.
The helper will be run with superuser privileges.

Here's what an example /etc/oddjobd.conf.d/crontabs.conf might
look like, allowing either users with either UID=0 or the staff_r role to
run the regularly scheduled cron jobs at will:

<oddjobconfig>
  <service name="com.redhat.periodic_cron">
    <allow user="root"/>
    <allow selinux_enforcing="yes" selinux_role="staff_r"/>
    <object name="/cron/hourly">
      <interface name="com.redhat.periodic_run">
        <method name="run">
          <helper exec="/usr/bin/run-parts /etc/cron.hourly"
                  arguments="0"/>
        </method>
      </interface>
    </object>
    <object name="/cron/daily">
      <interface name="com.redhat.periodic_run">
        <method name="run">
          <helper exec="/usr/bin/run-parts /etc/cron.daily"
                  arguments="0"/>
        </method>
      </interface>
    </object>
    <object name="/cron/weekly">
      <interface name="com.redhat.periodic_run">
        <method name="run">
          <helper exec="/usr/bin/run-parts /etc/cron.weekly"
                  arguments="0"/>
        </method>
      </interface>
    </object>
    <object name="/cron/monthly">
      <interface name="com.redhat.periodic_run">
        <method name="run">
          <helper exec="/usr/bin/run-parts /etc/cron.monthly"
                  arguments="0"/>
        </method>
      </interface>
    </object>
  </service>
</oddjobconfig>
-->
<oddjobconfig>
  <service name="com.redhat.oddjob">
    <object name="/com/redhat/oddjob">
      <interface name="com.redhat.oddjob">
        <method name="listall">
          <allow min_uid="0" max_uid="0"/>
        </method>
        <method name="list">
          <allow/>
        </method>
        <method name="quit">
          <allow user="root"/>
        </method>
        <method name="reload">
          <allow user="root"/>
        </method>
      </interface>
    </object>
  </service>
  <!-- Site-specific or other distributed additions. -->
  <include ignore_missing="yes">/etc/oddjobd.conf.d/*.conf</include>
  <!-- Local additions. -->
  <include ignore_missing="yes">/etc/oddjobd-local.conf</include>
</oddjobconfig>
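
The deny-then-allow evaluation described in the file's header comment, applied as a small audit over a config; this is an added example, not code from the oddjob package. It assumes rules sit directly inside `<method>`, that the deny element is spelled `<deny>`, that an attribute-less rule matches everyone, and it does not model SELinux conditions; `org.example.demo` and its helper path are made up.

```python
import xml.etree.ElementTree as ET

# Constructed sample: three shipped methods plus a made-up helper service.
SAMPLE = """<oddjobconfig>
 <service name="com.redhat.oddjob"><object name="/com/redhat/oddjob">
  <interface name="com.redhat.oddjob">
   <method name="listall"><allow min_uid="0" max_uid="0"/></method>
   <method name="list"><allow/></method>
   <method name="quit"><allow user="root"/></method>
  </interface></object></service>
 <service name="org.example.demo"><object name="/demo">
  <interface name="org.example.demo">
   <method name="task"><helper exec="/usr/libexec/demo-helper"/>
    <deny user="guest"/><allow min_uid="1000" max_uid="60000"/></method>
   <method name="orphan"><helper exec="/usr/libexec/demo-helper"/></method>
  </interface></object></service>
</oddjobconfig>"""

def matches(rule, user, uid):
    # Assumed: SELinux rules never match here; a bare rule matches everyone.
    if any(k.startswith("selinux_") for k in rule.attrib):
        return False
    if rule.get("user") not in (None, user):
        return False
    lo, hi = int(rule.get("min_uid", uid)), int(rule.get("max_uid", uid))
    return lo <= uid <= hi

def is_allowed(method, user, uid):
    # Deny rules are processed first, then allow rules; first match decides.
    for verdict in ("deny", "allow"):
        if any(matches(r, user, uid) for r in method.findall(verdict)):
            return verdict == "allow"
    return False  # no matching rule (or no ACL at all): call is refused

def audit(xml_text, probe=("nobody", 65534)):
    # Map "service.method" to findings a reviewer should look at.
    findings = {}
    for svc in ET.fromstring(xml_text).iter("service"):
        for m in svc.iter("method"):
            notes = []
            if not m.findall("allow") + m.findall("deny"):
                notes.append("no ACL: daemon ignores calls")
            if any(not r.attrib for r in m.findall("allow")):
                notes.append("allow rule with no conditions")
            if m.find("helper") is not None and is_allowed(m, *probe):
                notes.append("superuser helper reachable by " + probe[0])
            if notes:
                findings[f"{svc.get('name')}.{m.get('name')}"] = notes
    return findings
```

Calling `audit()` on the text of each file matched by the `<include>` globs gives a quick list of methods whose ACL is empty, unconditional, or lets the probe account reach a helper.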