File: //etc/dbus-1/system.d/oddjob-mkhomedir.conf
<?xml version="1.0"?>
<!DOCTYPE busconfig PUBLIC
"-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
<!-- This configuration file specifies the required security policies
for the oddjob_mkhomedir service to work. It controls which requests
users will be allowed to issue to oddjobd over the bus, which is quite
different from controlling whether or not oddjobd will attempt to
fulfill the request. -->
<!-- Only root can own (provide) the com.redhat.oddjob_mkhomedir service
on the system bus. -->
<policy user="root">
<allow own="com.redhat.oddjob_mkhomedir"/>
</policy>
<!-- Allow anyone to call the introspection methods of any object
provided by the com.redhat.oddjob_mkhomedir service. -->
<policy context="default">
<allow send_destination="com.redhat.oddjob_mkhomedir"
send_interface="org.freedesktop.DBus.Introspectable"/>
</policy>
<!-- Allow anyone to try to call the mkhomedirfor method, which is part of
the "mkhomedir" interface implemented by the "/" object provided
by the com.redhat.oddjob_mkhomedir service. -->
<policy context="default">
<allow send_destination="com.redhat.oddjob_mkhomedir"
send_path="/"
send_interface="com.redhat.oddjob_mkhomedir"
send_member="mkhomedirfor"/>
</policy>
<!-- Allow anyone to try to call the mkmyhomedir method, which is part of
the "mkhomedir" interface implemented by the "/" object provided
by the com.redhat.oddjob_mkhomedir service. -->
<policy context="default">
<allow send_destination="com.redhat.oddjob_mkhomedir"
send_path="/"
send_interface="com.redhat.oddjob_mkhomedir"
send_member="mkmyhomedir"/>
</policy>
</busconfig>