1SSSD(8) SSSD Manual pages SSSD(8)
2
3
4
6 sssd - System Security Services Daemon
7
9 sssd [options]
10
12 SSSD provides a set of daemons to manage access to remote directories
13 and authentication mechanisms. It provides an NSS and PAM interface
14 toward the system and a pluggable backend system to connect to multiple
15 different account sources as well as D-Bus interface. It is also the
16 basis to provide client auditing and policy services for projects like
17 FreeIPA. It provides a more robust database to store local users as
18 well as extended user data.
19
21 -d,--debug-level LEVEL
22 SSSD supports two representations for specifying the debug level.
23 The simplest is to specify a decimal value from 0-9, which
24 represents enabling that level and all lower-level debug messages.
25 The more comprehensive option is to specify a hexadecimal bitmask
26 to enable or disable specific levels (such as if you wish to
27 suppress a level).
28
29 Please note that each SSSD service logs into its own log file. Also
30 please note that enabling “debug_level” in the “[sssd]” section
31 only enables debugging just for the sssd process itself, not for
32 the responder or provider processes. The “debug_level” parameter
33 should be added to all sections that you wish to produce debug logs
34 from.
35
36 In addition to changing the log level in the config file using the
37 “debug_level” parameter, which is persistent, but requires SSSD
38 restart, it is also possible to change the debug level on the fly
39 using the sss_debuglevel(8) tool.
40
41 Currently supported debug levels:
42
43 0, 0x0010: Fatal failures. Anything that would prevent SSSD from
44 starting up or causes it to cease running.
45
46 1, 0x0020: Critical failures. An error that doesn't kill SSSD, but
47 one that indicates that at least one major feature is not going to
48 work properly.
49
50 2, 0x0040: Serious failures. An error announcing that a particular
51 request or operation has failed.
52
53 3, 0x0080: Minor failures. These are the errors that would
54 percolate down to cause the operation failure of 2.
55
56 4, 0x0100: Configuration settings.
57
58 5, 0x0200: Function data.
59
60 6, 0x0400: Trace messages for operation functions.
61
62 7, 0x1000: Trace messages for internal control functions.
63
64 8, 0x2000: Contents of function-internal variables that may be
65 interesting.
66
67 9, 0x4000: Extremely low-level tracing information.
68
69 10, 0x10000: Even more low-level libldb tracing information. Almost
70 never really required.
71
72 To log required bitmask debug levels, simply add their numbers
73 together as shown in following examples:
74
75 Example: To log fatal failures, critical failures, serious failures
76 and function data use 0x0270.
77
78 Example: To log fatal failures, configuration settings, function
79 data, trace messages for internal control functions use 0x1310.
80
81 Note: The bitmask format of debug levels was introduced in 1.7.0.
82
83 Default: 0x0070 (i.e. fatal, critical and serious failures;
84 corresponds to setting 2 in decimal notation)
85
86 --debug-timestamps=mode
87 1: Add a timestamp to the debug messages
88
89 0: Disable timestamp in the debug messages
90
91 Default: 1
92
93 --debug-microseconds=mode
94 1: Add microseconds to the timestamp in debug messages
95
96 0: Disable microseconds in timestamp
97
98 Default: 0
99
100 -f,--debug-to-files
101 Send the debug output to files instead of stderr. By default, the
102 log files are stored in /var/log/sssd and there are separate log
103 files for every SSSD service and domain.
104
105 This option is deprecated. It is replaced by --logger=files.
106
107 --logger=value
108 Location where SSSD will send log messages. This option overrides
109 the value of the deprecated option --debug-to-files. The deprecated
110 option will still work if the --logger is not used.
111
112 stderr: Redirect debug messages to standard error output.
113
114 files: Redirect debug messages to the log files. By default, the
115 log files are stored in /var/log/sssd and there are separate log
116 files for every SSSD service and domain.
117
118 journald: Redirect debug messages to systemd-journald
119
120 Default: not set
121
122 -D,--daemon
123 Become a daemon after starting up.
124
125 -i,--interactive
126 Run in the foreground, don't become a daemon.
127
128 -c,--config
129 Specify a non-default config file. The default is
130 /etc/sssd/sssd.conf. For reference on the config file syntax and
131 options, consult the sssd.conf(5) manual page.
132
133 -g,--genconf
134 Do not start the SSSD, but refresh the configuration database from
135 the contents of /etc/sssd/sssd.conf and exit.
136
137 -s,--genconf-section
138 Similar to “--genconf”, but only refresh a single section from the
139 configuration file. This option is useful mainly to be called from
140 systemd unit files to allow socket-activated responders to refresh
141 their configuration without requiring the administrator to restart
142 the whole SSSD.
143
144 -?,--help
145 Display help message and exit.
146
147 --version
148 Print version number and exit.
149
151 SIGTERM/SIGINT
152 Informs the SSSD to gracefully terminate all of its child processes
153 and then shut down the monitor.
154
155 SIGHUP
156 Tells the SSSD to stop writing to its current debug file
157 descriptors and to close and reopen them. This is meant to
158 facilitate log rolling with programs like logrotate.
159
160 SIGUSR1
161 Tells the SSSD to simulate offline operation for the duration of
162 the “offline_timeout” parameter. This is useful for testing. The
163 signal can be sent to either the sssd process or any sssd_be
164 process directly.
165
166 SIGUSR2
167 Tells the SSSD to go online immediately. This is useful for
168 testing. The signal can be sent to either the sssd process or any
169 sssd_be process directly.
170
172 If the environment variable SSS_NSS_USE_MEMCACHE is set to "NO", client
173 applications will not use the fast in-memory cache.
174
176 sssd(8), sssd.conf(5), sssd-ldap(5), sssd-krb5(5), sssd-simple(5),
177 sssd-ipa(5), sssd-ad(5), sssd-files(5), sssd-sudo(5), sssd-session-
178 recording(5), sss_cache(8), sss_debuglevel(8), sss_obfuscate(8),
179 sss_seed(8), sssd_krb5_locator_plugin(8), sss_ssh_authorizedkeys(8),
180 sss_ssh_knownhostsproxy(8), sssd-ifp(5), pam_sss(8). sss_rpcidmapd(5)
181 sssd-systemtap(5)
182
184 The SSSD upstream - https://github.com/SSSD/sssd/
185
186
187
188SSSD 02/19/2021 SSSD(8)