blob: c67909cd17c7d00694ee681ac8820d70cbd33933
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE reference PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
<reference>
<title>SSSD Manual pages</title>
<refentry>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/upstream.xml" />
<refmeta>
<refentrytitle>sssd-files</refentrytitle>
<manvolnum>5</manvolnum>
<refmiscinfo class="manual">File Formats and Conventions</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>sssd-files</refname>
<refpurpose>SSSD files provider</refpurpose>
</refnamediv>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
This manual page describes the files provider
for
<citerefentry>
<refentrytitle>sssd</refentrytitle>
<manvolnum>8</manvolnum>
</citerefentry>.
For a detailed syntax reference, refer to the <quote>FILE FORMAT</quote> section of the
<citerefentry>
<refentrytitle>sssd.conf</refentrytitle>
<manvolnum>5</manvolnum>
</citerefentry> manual page.
</para>
<para>
The files provider mirrors the content of the
<citerefentry>
<refentrytitle>passwd</refentrytitle>
<manvolnum>5</manvolnum>
</citerefentry>
and
<citerefentry>
<refentrytitle>group</refentrytitle>
<manvolnum>5</manvolnum>
</citerefentry>
files. The purpose of the files provider is to make the users
and groups traditionally only accessible with NSS interfaces
also available through the SSSD interfaces such as
<citerefentry>
<refentrytitle>sssd-ifp</refentrytitle>
<manvolnum>5</manvolnum>
</citerefentry>.
</para>
<para>
Another reason is to provide efficient caching of local users and groups.
</para>
<para>
Note that, besides an explicit domain definition, the files provider
can also be configured implicitly using the 'enable_files_domain' option. See
<citerefentry>
<refentrytitle>sssd.conf</refentrytitle>
<manvolnum>5</manvolnum>
</citerefentry> for details.
</para>
<para>
SSSD never handles resolution of the user/group "root". Resolution of
UID/GID 0 is not handled by SSSD either. Such requests are passed to the next
NSS module (usually files).
</para>
<para>
When SSSD is not running or responding, nss_sss returns the UNAVAIL code
which causes the request to be passed to the next module.
</para>
</refsect1>
<refsect1 id='configuration-options'>
<title>CONFIGURATION OPTIONS</title>
<para>
In addition to the options listed below, generic SSSD domain options
can be set where applicable.
Refer to the section <quote>DOMAIN SECTIONS</quote> of the
<citerefentry>
<refentrytitle>sssd.conf</refentrytitle>
<manvolnum>5</manvolnum>
</citerefentry> manual page for details on the configuration
of an SSSD domain. However, the purpose of the files provider is
to expose the same data as the UNIX files, just through the
SSSD interfaces. Therefore, not all generic domain options are
supported. Likewise, some global options, such as overriding
the shell in the <quote>nss</quote> section for all domains,
have no effect on the files domain unless explicitly specified
per-domain.
<variablelist>
<varlistentry>
<term>passwd_files (string)</term>
<listitem>
<para>
Comma-separated list of one or more password
filenames to be read and enumerated by the files
provider. Inotify watches are set on
each file to detect changes dynamically.
</para>
<para>
Default: /etc/passwd
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>group_files (string)</term>
<listitem>
<para>
Comma-separated list of one or more group
filenames to be read and enumerated by the files
provider. Inotify watches are set on
each file to detect changes dynamically.
</para>
<para>
Default: /etc/group
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>fallback_to_nss (boolean)</term>
<listitem>
<para>
While updating the internal data, SSSD will return an
error and let the client continue with the next NSS
module. This helps to avoid delays when using the
default system files
<filename>/etc/passwd</filename> and
<filename>/etc/group</filename> and the NSS
configuration has 'sss' before 'files' for the
'passwd' and 'group' maps.
</para>
<para>
If the files provider is configured to monitor other
files, it makes sense to set this option to 'False'
to avoid inconsistent behavior because, in general,
there would be no other NSS module which can be used
as a fallback.
</para>
<para>
Default: True
</para>
</listitem>
</varlistentry>
</variablelist>
</para>
</refsect1>
<refsect1 id='example'>
<title>EXAMPLE</title>
<para>
The following example assumes that SSSD is correctly
configured and files is one of the domains in the
<replaceable>[sssd]</replaceable> section.
</para>
<para>
<programlisting>
[domain/files]
id_provider = files
</programlisting>
</para>
<para>
To leverage caching of local users and groups by SSSD,
the nss_sss module must be listed before the nss_files module
in /etc/nsswitch.conf.
</para>
<para>
<programlisting>
passwd: sss files
group: sss files
</programlisting>
</para>
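<para>
The two conditions described above (non-default passwd_files or group_files
left with fallback_to_nss at its default, and 'sss' listed after 'files' in
nsswitch.conf) can be checked mechanically. The following script is an added
example, not part of SSSD; the function names and sample inputs are constructed
for illustration, and it assumes sssd.conf can be read with Python's configparser.
</para>
<para>
<programlisting><![CDATA[
```python
import configparser
import re

DEFAULTS = {"passwd_files": "/etc/passwd", "group_files": "/etc/group"}
# Constructed sample inputs, not taken from a real host.
SAMPLE_SSSD_CONF = """\
[domain/files]
id_provider = files
[domain/appusers]
id_provider = files
passwd_files = /etc/passwd, /srv/app/passwd
[domain/svc]
id_provider = files
group_files = /srv/svc/group
fallback_to_nss = False
"""
SAMPLE_NSSWITCH = "passwd: files sss\ngroup: sss [NOTFOUND=return] files\n"

def files_domain_findings(conf_text):
    """Flag files domains that watch non-default files but keep fallback_to_nss on."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    findings = []
    for name in cp.sections():
        dom = cp[name]
        if not name.startswith("domain/") or dom.get("id_provider", "").strip() != "files":
            continue
        custom = [k for k, d in DEFAULTS.items() if [p.strip() for p in dom.get(k, d).split(",")] != [d]]
        # Assumption: any value other than "false" (case-insensitive) is treated as the default True.
        if custom and dom.get("fallback_to_nss", "True").strip().lower() != "false":
            findings.append(f"{name}: {', '.join(custom)} is non-default but fallback_to_nss is True")
    return findings

def nsswitch_findings(nsswitch_text, maps=("passwd", "group")):
    """Flag maps where sss is missing or listed after files."""
    order = {}
    for line in nsswitch_text.splitlines():
        db, sep, rest = line.split("#", 1)[0].partition(":")
        if sep:  # drop [STATUS=action] items, keep only the service names
            order[db.strip()] = re.sub(r"\[[^\]]*\]", " ", rest).split()
    findings = []
    for db in maps:
        svc = order.get(db, [])
        if "sss" not in svc:
            findings.append(f"{db}: sss is not listed")
        elif "files" in svc and svc.index("files") < svc.index("sss"):
            findings.append(f"{db}: files is listed before sss")
    return findings
```
]]></programlisting>
</para>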
</refsect1>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/seealso.xml" />
</refentry>
</reference>