1SSS_OVERRIDE(8)                SSSD Manual pages               SSS_OVERRIDE(8)
2
3
4

NAME

6       sss_override - create local overrides of user and group attributes
7

SYNOPSIS

9       sss_override COMMAND [options]
10

DESCRIPTION

12       sss_override enables to create a client-side view and allows to change
13       selected values of specific user and groups. This change takes effect
14       only on local machine.
15
16       Overrides data are stored in the SSSD cache. If the cache is deleted,
17       all local overrides are lost. Please note that after the first override
18       is created using any of the following user-add, group-add, user-import
19       or group-import command. SSSD needs to be restarted to take effect.
20       sss_override prints message when a restart is required.
21
22       NOTE: The options provided in this man page only work with “ldap” and
23       “AD” “ id_provider”. IPA overrides can be managed centrally on the IPA
24       server.
25

AVAILABLE COMMANDS

27       Argument NAME is the name of original object in all commands. It is not
28       possible to override uid or gid to 0.
29
30       user-add NAME [-n,--name NAME] [-u,--uid UID] [-g,--gid GID] [-h,--home
31       HOME] [-s,--shell SHELL] [-c,--gecos GECOS] [-x,--certificate BASE64
32       ENCODED CERTIFICATE]
33           Override attributes of an user. Please be aware that calling this
34           command will replace any previous override for the (NAMEd) user.
35
36       user-del NAME
37           Remove user overrides. However be aware that overridden attributes
38           might be returned from memory cache. Please see SSSD option
39           memcache_timeout for more details.
40
41       user-find [-d,--domain DOMAIN]
42           List all users with set overrides. If DOMAIN parameter is set, only
43           users from the domain are listed.
44
45       user-show NAME
46           Show user overrides.
47
48       user-import FILE
49           Import user overrides from FILE. Data format is similar to standard
50           passwd file. The format is:
51
52           original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate
53
54           where original_name is original name of the user whose attributes
55           should be overridden. The rest of fields correspond to new values.
56           You can omit a value simply by leaving corresponding field empty.
57
58           Examples:
59
60           ckent:superman::::::
61
62           ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:
63
64       user-export FILE
65           Export all overridden attributes and store them in FILE. See
66           user-import for data format.
67
68       group-add NAME [-n,--name NAME] [-g,--gid GID]
69           Override attributes of a group. Please be aware that calling this
70           command will replace any previous override for the (NAMEd) group.
71
72       group-del NAME
73           Remove group overrides. However be aware that overridden attributes
74           might be returned from memory cache. Please see SSSD option
75           memcache_timeout for more details.
76
77       group-find [-d,--domain DOMAIN]
78           List all groups with set overrides. If DOMAIN parameter is set,
79           only groups from the domain are listed.
80
81       group-show NAME
82           Show group overrides.
83
84       group-import FILE
85           Import group overrides from FILE. Data format is similar to
86           standard group file. The format is:
87
88           original_name:name:gid
89
90           where original_name is original name of the group whose attributes
91           should be overridden. The rest of fields correspond to new values.
92           You can omit a value simply by leaving corresponding field empty.
93
94           Examples:
95
96           admins:administrators:
97
98           Domain Users:Users:501
99
100       group-export FILE
101           Export all overridden attributes and store them in FILE. See
102           group-import for data format.
103

COMMON OPTIONS

105       Those options are available with all commands.
106
107       --debug LEVEL
108           SSSD supports two representations for specifying the debug level.
109           The simplest is to specify a decimal value from 0-9, which
110           represents enabling that level and all lower-level debug messages.
111           The more comprehensive option is to specify a hexadecimal bitmask
112           to enable or disable specific levels (such as if you wish to
113           suppress a level).
114
115           Currently supported debug levels:
116
117           0, 0x0010: Fatal failures. Anything that would prevent SSSD from
118           starting up or causes it to cease running.
119
120           1, 0x0020: Critical failures. An error that doesn't kill SSSD, but
121           one that indicates that at least one major feature is not going to
122           work properly.
123
124           2, 0x0040: Serious failures. An error announcing that a particular
125           request or operation has failed.
126
127           3, 0x0080: Minor failures. These are the errors that would
128           percolate down to cause the operation failure of 2.
129
130           4, 0x0100: Configuration settings.
131
132           5, 0x0200: Function data.
133
134           6, 0x0400: Trace messages for operation functions.
135
136           7, 0x1000: Trace messages for internal control functions.
137
138           8, 0x2000: Contents of function-internal variables that may be
139           interesting.
140
141           9, 0x4000: Extremely low-level tracing information.
142
143           10, 0x10000: Even more low-level libldb tracing information. Almost
144           never really required.
145
146           To log required bitmask debug levels, simply add their numbers
147           together as shown in following examples:
148
149           Example: To log fatal failures, critical failures, serious failures
150           and function data use 0x0270.
151
152           Example: To log fatal failures, configuration settings, function
153           data, trace messages for internal control functions use 0x1310.
154
155           Note: The bitmask format of debug levels was introduced in 1.7.0.
156
157           Default: 0x0070 (i.e. fatal, critical and serious failures;
158           corresponds to setting 2 in decimal notation)
159

SEE ALSO

161       sssd(8), sssd.conf(5), sssd-ldap(5), sssd-krb5(5), sssd-simple(5),
162       sssd-ipa(5), sssd-ad(5), sssd-files(5), sssd-sudo(5), sssd-session-
163       recording(5), sss_cache(8), sss_debuglevel(8), sss_obfuscate(8),
164       sss_seed(8), sssd_krb5_locator_plugin(8), sss_ssh_authorizedkeys(8),
165       sss_ssh_knownhostsproxy(8), sssd-ifp(5), pam_sss(8).  sss_rpcidmapd(5)
166       sssd-systemtap(5)
167

AUTHORS

169       The SSSD upstream - https://github.com/SSSD/sssd/
170
171
172
173SSSD                              02/19/2021                   SSS_OVERRIDE(8)
Impressum