1SSSD(8) SSSD Manual pages SSSD(8)
2
6 sssd - System Security Services Daemon
7
9 sssd [options]
10
12 SSSD provides a set of daemons to manage access to remote directories
13 and authentication mechanisms. It provides an NSS and PAM interface
14 toward the system and a pluggable backend system to connect to multiple
15 different account sources as well as D-Bus interface. It is also the
16 basis to provide client auditing and policy services for projects like
17 FreeIPA. It provides a more robust database to store local users as
18 well as extended user data.
19
21 -d,--debug-level LEVEL
22 SSSD supports two representations for specifying the debug level.
23 The simplest is to specify a decimal value from 0-9, which
24 represents enabling that level and all lower-level debug messages.
25 The more comprehensive option is to specify a hexadecimal bitmask
26 to enable or disable specific levels (such as if you wish to
27 suppress a level).
28 Please note that each SSSD service logs into its own log file. Also
30 please note that enabling “debug_level” in the “[sssd]” section
31 only enables debugging just for the sssd process itself, not for
32 the responder or provider processes. The “debug_level” parameter
33 should be added to all sections that you wish to produce debug logs
34 from.
35 In addition to changing the log level in the config file using the
37 “debug_level” parameter, which is persistent, but requires SSSD
38 restart, it is also possible to change the debug level on the fly
39 using the sss_debuglevel(8) tool.
40 Currently supported debug levels:
42 0, 0x0010: Fatal failures. Anything that would prevent SSSD from
44 starting up or causes it to cease running.
45 1, 0x0020: Critical failures. An error that doesn't kill SSSD, but
47 one that indicates that at least one major feature is not going to
48 work properly.
49 2, 0x0040: Serious failures. An error announcing that a particular
51 request or operation has failed.
52 3, 0x0080: Minor failures. These are the errors that would
54 percolate down to cause the operation failure of 2.
55 4, 0x0100: Configuration settings.
57 5, 0x0200: Function data.
59 6, 0x0400: Trace messages for operation functions.
61 7, 0x1000: Trace messages for internal control functions.
63 8, 0x2000: Contents of function-internal variables that may be
65 interesting.
66 9, 0x4000: Extremely low-level tracing information.
68 To log required bitmask debug levels, simply add their numbers
70 together as shown in following examples:
71 Example: To log fatal failures, critical failures, serious failures
73 and function data use 0x0270.
74 Example: To log fatal failures, configuration settings, function
76 data, trace messages for internal control functions use 0x1310.
77 Note: The bitmask format of debug levels was introduced in 1.7.0.
79 Default: 0
81 --debug-timestamps=mode
83 1: Add a timestamp to the debug messages
84 0: Disable timestamp in the debug messages
86 Default: 1
88 --debug-microseconds=mode
90 1: Add microseconds to the timestamp in debug messages
91 0: Disable microseconds in timestamp
93 Default: 0
95 -f,--debug-to-files
97 Send the debug output to files instead of stderr. By default, the
98 log files are stored in /var/log/sssd and there are separate log
99 files for every SSSD service and domain.
100 This option is deprecated. It is replaced by --logger=files.
102 --logger=value
104 Location where SSSD will send log messages. This option overrides
105 the value of the deprecated option --debug-to-files. The deprecated
106 option will still work if the --logger is not used.
107 stderr: Redirect debug messages to standard error output.
109 files: Redirect debug messages to the log files. By default, the
111 log files are stored in /var/log/sssd and there are separate log
112 files for every SSSD service and domain.
113 journald: Redirect debug messages to systemd-journald
115 Default: not set
117 -D,--daemon
119 Become a daemon after starting up.
120 -i,--interactive
122 Run in the foreground, don't become a daemon.
123 -c,--config
125 Specify a non-default config file. The default is
126 /etc/sssd/sssd.conf. For reference on the config file syntax and
127 options, consult the sssd.conf(5) manual page.
128 -?,--help
130 Display help message and exit.
131 --version
133 Print version number and exit.
134
136 SIGTERM/SIGINT
137 Informs the SSSD to gracefully terminate all of its child processes
138 and then shut down the monitor.
139 SIGHUP
141 Tells the SSSD to stop writing to its current debug file
142 descriptors and to close and reopen them. This is meant to
143 facilitate log rolling with programs like logrotate.
144 SIGUSR1
146 Tells the SSSD to simulate offline operation for the duration of
147 the “offline_timeout” parameter. This is useful for testing. The
148 signal can be sent to either the sssd process or any sssd_be
149 process directly.
150 SIGUSR2
152 Tells the SSSD to go online immediately. This is useful for
153 testing. The signal can be sent to either the sssd process or any
154 sssd_be process directly.
155
157 If the environment variable SSS_NSS_USE_MEMCACHE is set to "NO", client
158 applications will not use the fast in memory cache.
159
161 sssd(8), sssd.conf(5), sssd-ldap(5), sssd-krb5(5), sssd-simple(5),
162 sssd-ipa(5), sssd-ad(5), sssd-sudo(5),sssd-secrets(5),sssd-session-
163 recording(5), sss_cache(8), sss_debuglevel(8), sss_groupadd(8),
164 sss_groupdel(8), sss_groupshow(8), sss_groupmod(8), sss_useradd(8),
165 sss_userdel(8), sss_usermod(8), sss_obfuscate(8), sss_seed(8),
166 sssd_krb5_locator_plugin(8), sss_ssh_authorizedkeys(8),
167 sss_ssh_knownhostsproxy(8),sssd-ifp(5),pam_sss(8).
168 sss_rpcidmapd(5)sssd-systemtap(5)
169
171 The SSSD upstream - https://pagure.io/SSSD/sssd/
172SSSD 04/25/2019 SSSD(8)