dbus/bus/system.conf.in

<!-- This configuration file controls the systemwide message bus.
     Add a system-local.conf and edit that rather than changing this 
     file directly. -->

<!-- Note that there are any number of ways you can hose yourself
     security-wise by screwing up this file; in particular, you
     probably don't want to listen on any more addresses, add any more
     auth mechanisms, run as a different user, etc. -->

<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>

  <!-- Our well-known bus type, do not change this -->
  <type>system</type>

  <!-- Run as special user -->
  <user>messagebus</user>

  <!-- Fork into daemon mode -->
  <fork/>

  <!-- Write a pid file -->
  <pidfile>@DBUS_SYSTEM_PID_FILE@</pidfile>

  <!-- Only allow socket-credentials-based authentication -->
  <auth>EXTERNAL</auth>

  <!-- Only listen on a local socket -->
  <listen>unix:path=@DBUS_SYSTEM_SOCKET@</listen>

  <policy context="default">
    <!-- Deny everything then punch holes -->
    <deny send="*"/>
    <deny receive="*"/>
    <deny own="*"/>
    <!-- But allow all users to connect -->
    <allow user="*"/>
    <!-- Allow anyone to talk to the message bus -->
    <allow send_to="org.freedesktop.DBus"/>
    <allow receive_from="org.freedesktop.DBus"/>
  </policy>

  <!-- Config files are placed here that among other things, punch 
       holes in the above policy for specific services. -->
  <includedir>system.d</includedir>

  <!-- This is included last so local configuration can override what's 
       in this standard file -->
  <include ignore_missing="yes">system-local.conf</include>

</busconfig>