'\" t .\" Title: sssd-files .\" Author: The SSSD upstream - https://github.com/SSSD/sssd/ .\" Generator: DocBook XSL Stylesheets vsnapshot .\" Date: 04/09/2024 .\" Manual: File Formats and Conventions .\" Source: SSSD .\" Language: English .\" .TH "SSSD\-FILES" "5" "04/09/2024" "SSSD" "File Formats and Conventions" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" sssd-files \- SSSD files provider .SH "DESCRIPTION" .PP This manual page describes the files provider for \fBsssd\fR(8)\&. For a detailed syntax reference, refer to the \(lqFILE FORMAT\(rq section of the \fBsssd.conf\fR(5) manual page\&. .PP The files provider mirrors the content of the \fBpasswd\fR(5) and \fBgroup\fR(5) files\&. The purpose of the files provider is to make the users and groups traditionally only accessible with NSS interfaces also available through the SSSD interfaces such as \fBsssd-ifp\fR(5)\&. .PP Another reason is to provide efficient caching of local users and groups\&. .PP Please note that besides explicit domain definition the files provider can be configured also implicitly using \*(Aqenable_files_domain\*(Aq option\&. See \fBsssd.conf\fR(5) for details\&. .PP SSSD never handles resolution of user/group "root"\&. Also resolution of UID/GID 0 is not handled by SSSD\&. Such requests are passed to next NSS module (usually files)\&. .PP When SSSD is not running or responding, nss_sss returns the UNAVAIL code which causes the request to be passed to the next module\&. .SH "CONFIGURATION OPTIONS" .PP In addition to the options listed below, generic SSSD domain options can be set where applicable\&. Refer to the section \(lqDOMAIN SECTIONS\(rq of the \fBsssd.conf\fR(5) manual page for details on the configuration of an SSSD domain\&. But the purpose of the files provider is to expose the same data as the UNIX files, just through the SSSD interfaces\&. Therefore not all generic domain options are supported\&. Likewise, some global options, such as overriding the shell in the \(lqnss\(rq section for all domains has no effect on the files domain unless explicitly specified per\-domain\&. .PP passwd_files (string) .RS 4 Comma\-separated list of one or multiple password filenames to be read and enumerated by the files provider, inotify monitor watches will be set on each file to detect changes dynamically\&. .sp Default: /etc/passwd .RE .PP group_files (string) .RS 4 Comma\-separated list of one or multiple group filenames to be read and enumerated by the files provider, inotify monitor watches will be set on each file to detect changes dynamically\&. .sp Default: /etc/group .RE .PP fallback_to_nss (boolean) .RS 4 While updating the internal data SSSD will return an error and let the client continue with the next NSS module\&. This helps to avoid delays when using the default system files /etc/passwd and /etc/group and the NSS configuration has \*(Aqsss\*(Aq before \*(Aqfiles\*(Aq for the \*(Aqpasswd\*(Aq and \*(Aqgroup\*(Aq maps\&. .sp If the files provider is configured to monitor other files it makes sense to set this option to \*(AqFalse\*(Aq to avoid inconsistent behavior because in general there would be no other NSS module which can be used as a fallback\&. .sp Default: True .RE .SH "EXAMPLE" .PP The following example assumes that SSSD is correctly configured and files is one of the domains in the \fI[sssd]\fR section\&. .PP .if n \{\ .RS 4 .\} .nf [domain/files] id_provider = files .fi .if n \{\ .RE .\} .PP To leverage caching of local users and groups by SSSD nss_sss module must be listed before nss_files module in /etc/nsswitch\&.conf\&. .PP .if n \{\ .RS 4 .\} .nf passwd: sss files group: sss files .fi .if n \{\ .RE .\} .sp .SH "SEE ALSO" .PP \fBsssd\fR(8), \fBsssd.conf\fR(5), \fBsssd-ldap\fR(5), \fBsssd-ldap-attributes\fR(5), \fBsssd-krb5\fR(5), \fBsssd-simple\fR(5), \fBsssd-ipa\fR(5), \fBsssd-ad\fR(5), \fBsssd-files\fR(5), \fBsssd-sudo\fR(5), \fBsssd-session-recording\fR(5), \fBsss_cache\fR(8), \fBsss_debuglevel\fR(8), \fBsss_obfuscate\fR(8), \fBsss_seed\fR(8), \fBsssd_krb5_locator_plugin\fR(8), \fBsss_ssh_authorizedkeys\fR(8), \fBsss_ssh_knownhostsproxy\fR(8), \fBsssd-ifp\fR(5), \fBpam_sss\fR(8)\&. \fBsss_rpcidmapd\fR(5) .SH "AUTHORS" .PP \fBThe SSSD upstream \- https://github\&.com/SSSD/sssd/\fR