Added Upstart.conf file to give web user permission to run services

2015-01-08 10:07:22 -05:00 · 2015-01-08 10:07:22 -05:00 · d7dd381ec3
parent a790527e67
commit d7dd381ec3
1 changed files with 71 additions and 0 deletions
--- a/installer/lib/Upstart.conf
+++ b/installer/lib/Upstart.conf
@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE busconfig PUBLIC
+  "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+  "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+
+<busconfig>
+  <!-- Only the root user can own the Upstart name -->
+  <policy user="root">
+    <allow own="com.ubuntu.Upstart" />
+  </policy>
+
+  <!-- Permit the root user to invoke all of the methods on Upstart, its jobs
+       or their instances, and to get and set properties. -->
+  <policy user="root">
+    <allow send_destination="com.ubuntu.Upstart"
+       send_interface="org.freedesktop.DBus.Properties" />
+
+    <allow send_destination="com.ubuntu.Upstart"
+       send_interface="com.ubuntu.Upstart0_6" />
+    <allow send_destination="com.ubuntu.Upstart"
+       send_interface="com.ubuntu.Upstart0_6.Job" />
+    <allow send_destination="com.ubuntu.Upstart"
+       send_interface="com.ubuntu.Upstart0_6.Instance" />
+  </policy>
+
+  <!-- Allow any user to introspect Upstart's interfaces, to obtain the
+       values of properties (but not set them) and to invoke selected
+       methods on Upstart and its jobs that are used to walk information. -->
+  <policy context="default">
+    <allow send_destination="com.ubuntu.Upstart"
+       send_interface="org.freedesktop.DBus.Introspectable" />
+
+    <allow send_destination="com.ubuntu.Upstart"
+       send_interface="org.freedesktop.DBus.Properties"
+       send_type="method_call" send_member="Get" />
+    <allow send_destination="com.ubuntu.Upstart"
+       send_interface="org.freedesktop.DBus.Properties"
+       send_type="method_call" send_member="GetAll" />
+
+    <allow send_destination="com.ubuntu.Upstart"
+       send_interface="com.ubuntu.Upstart0_6"
+       send_type="method_call" send_member="GetJobByName" />
+    <allow send_destination="com.ubuntu.Upstart"
+       send_interface="com.ubuntu.Upstart0_6"
+       send_type="method_call" send_member="GetAllJobs" />
+
+    <allow send_destination="com.ubuntu.Upstart"
+       send_interface="com.ubuntu.Upstart0_6.Job"
+       send_type="method_call" send_member="GetInstance" />
+    <allow send_destination="com.ubuntu.Upstart"
+       send_interface="com.ubuntu.Upstart0_6.Job"
+       send_type="method_call" send_member="GetInstanceByName" />
+    <allow send_destination="com.ubuntu.Upstart"
+       send_interface="com.ubuntu.Upstart0_6.Job"
+       send_type="method_call" send_member="GetAllInstances" />
+  </policy>
+  
+  <!-- Permit the root user to invoke all of the methods on Upstart, its jobs
+       or their instances, and to get and set properties. -->
+  <policy user="WEB_USER">
+    <allow send_destination="com.ubuntu.Upstart"
+       send_interface="org.freedesktop.DBus.Properties" />
+
+    <allow send_destination="com.ubuntu.Upstart"
+       send_interface="com.ubuntu.Upstart0_6" />
+    <allow send_destination="com.ubuntu.Upstart"
+       send_interface="com.ubuntu.Upstart0_6.Job" />
+    <allow send_destination="com.ubuntu.Upstart"
+       send_interface="com.ubuntu.Upstart0_6.Instance" />
+  </policy>
+</busconfig>