Adding upstream version 2.9.4.upstream/2.9.4

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 183 insertions, 0 deletions

diff --git a/src/man/sssd-files.5.xml b/src/man/sssd-files.5.xml
new file mode 100644
index 0000000..a9e5397
--- /dev/null
+++ b/src/man/sssd-files.5.xml
@@ -0,0 +1,183 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE reference PUBLIC "-//OASIS//DTD DocBook V4.4//EN"
+"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
+<reference>
+<title>SSSD Manual pages</title>
+<refentry>
+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/upstream.xml" />
+
+    <refmeta>
+        <refentrytitle>sssd-files</refentrytitle>
+        <manvolnum>5</manvolnum>
+        <refmiscinfo class="manual">File Formats and Conventions</refmiscinfo>
+    </refmeta>
+
+    <refnamediv id='name'>
+        <refname>sssd-files</refname>
+        <refpurpose>SSSD files provider</refpurpose>
+    </refnamediv>
+
+    <refsect1 id='description'>
+        <title>DESCRIPTION</title>
+        <para>
+            This manual page describes the files provider
+            for
+            <citerefentry>
+                <refentrytitle>sssd</refentrytitle>
+                <manvolnum>8</manvolnum>
+            </citerefentry>.
+            For a detailed syntax reference, refer to the <quote>FILE FORMAT</quote> section of the
+            <citerefentry>
+                <refentrytitle>sssd.conf</refentrytitle>
+                <manvolnum>5</manvolnum>
+            </citerefentry> manual page.
+        </para>
+        <para>
+            The files provider mirrors the content of the
+            <citerefentry>
+                <refentrytitle>passwd</refentrytitle>
+                <manvolnum>5</manvolnum>
+            </citerefentry>
+            and
+            <citerefentry>
+                <refentrytitle>group</refentrytitle>
+                <manvolnum>5</manvolnum>
+            </citerefentry>
+            files. The purpose of the files provider is to make the users
+            and groups traditionally only accessible with NSS interfaces
+            also available through the SSSD interfaces such as
+            <citerefentry>
+                <refentrytitle>sssd-ifp</refentrytitle>
+                <manvolnum>5</manvolnum>
+            </citerefentry>.
+        </para>
+        <para>
+            Another reason is to provide efficient caching of local users and groups.
+        </para>
+        <para>
+            Please note that besides explicit domain definition the files provider
+            can be configured also implicitly using 'enable_files_domain' option. See
+            <citerefentry>
+                <refentrytitle>sssd.conf</refentrytitle>
+                <manvolnum>5</manvolnum>
+            </citerefentry> for details.
+        </para>
+        <para>
+            SSSD never handles resolution of user/group "root". Also resolution of
+            UID/GID 0 is not handled by SSSD. Such requests are passed to next
+            NSS module (usually files).
+        </para>
+        <para>
+            When SSSD is not running or responding, nss_sss returns the UNAVAIL code
+            which causes the request to be passed to the next module.
+        </para>
+    </refsect1>
+
+    <refsect1 id='configuration-options'>
+        <title>CONFIGURATION OPTIONS</title>
+        <para>
+            In addition to the options listed below, generic SSSD domain options
+            can be set where applicable.
+            Refer to the section <quote>DOMAIN SECTIONS</quote> of the
+            <citerefentry>
+                <refentrytitle>sssd.conf</refentrytitle>
+                <manvolnum>5</manvolnum>
+            </citerefentry> manual page for details on the configuration
+            of an SSSD domain. But the purpose of the files provider is
+            to expose the same data as the UNIX files, just through the
+            SSSD interfaces. Therefore not all generic domain options are
+            supported. Likewise, some global options, such as overriding
+            the shell in the <quote>nss</quote> section for all domains
+            has no effect on the files domain unless explicitly specified
+            per-domain.
+            <variablelist>
+                <varlistentry>
+                    <term>passwd_files (string)</term>
+                    <listitem>
+                        <para>
+                            Comma-separated list of one or multiple password
+                            filenames to be read and enumerated by the files
+                            provider, inotify monitor watches will be set on
+                            each file to detect changes dynamically.
+                        </para>
+                        <para>
+                            Default: /etc/passwd
+                        </para>
+                    </listitem>
+                </varlistentry>
+
+                <varlistentry>
+                    <term>group_files (string)</term>
+                    <listitem>
+                        <para>
+                            Comma-separated list of one or multiple group
+                            filenames to be read and enumerated by the files
+                            provider, inotify monitor watches will be set on
+                            each file to detect changes dynamically.
+                        </para>
+                        <para>
+                            Default: /etc/group
+                        </para>
+                    </listitem>
+                </varlistentry>
+
+                <varlistentry>
+                    <term>fallback_to_nss (boolean)</term>
+                    <listitem>
+                        <para>
+                            While updating the internal data SSSD will return an
+                            error and let the client continue with the next NSS
+                            module. This helps to avoid delays when using the
+                            default system files
+                            <filename>/etc/passwd</filename> and
+                            <filename>/etc/group</filename> and the NSS
+                            configuration has 'sss' before 'files' for the
+                            'passwd' and 'group' maps.
+                        </para>
+                        <para>
+                            If the files provider is configured to monitor other
+                            files it makes sense to set this option to 'False'
+                            to avoid inconsistent behavior because in general
+                            there would be no other NSS module which can be used
+                            as a fallback.
+                        </para>
+                        <para>
+                            Default: True
+                        </para>
+                    </listitem>
+                </varlistentry>
+
+            </variablelist>
+        </para>
+    </refsect1>
+
+    <refsect1 id='example'>
+        <title>EXAMPLE</title>
+        <para>
+            The following example assumes that SSSD is correctly
+            configured and files is one of the domains in the
+            <replaceable>[sssd]</replaceable> section.
+        </para>
+        <para>
+<programlisting>
+[domain/files]
+id_provider = files
+</programlisting>
+        </para>
+        <para>
+            To leverage caching of local users and groups by SSSD
+            nss_sss module must be listed before nss_files module
+            in /etc/nsswitch.conf.
+        </para>
+        <para>
+<programlisting>
+passwd:     sss files
+group:      sss files
+</programlisting>
+        </para>
+    </refsect1>
+
+        <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/seealso.xml" />
+
+</refentry>
+</reference>