SSS_CACHE(8)                   SSSD Manual pages                  SSS_CACHE(8)

NAME

       sss_cache - perform cache cleanup

SYNOPSIS

       sss_cache [options]

DESCRIPTION

       sss_cache invalidates records in the SSSD cache. Invalidated records
       are forced to be reloaded from the server as soon as the related SSSD
       backend is online. Options that invalidate a single object only accept
       a single provided argument.

OPTIONS

       -E,--everything
           Invalidate all cached entries.

       -u,--user login
           Invalidate specific user.

       -U,--users
           Invalidate all user records. This option overrides invalidation of
           specific user if it was also set.

       -g,--group group
           Invalidate specific group.

       -G,--groups
           Invalidate all group records. This option overrides invalidation of
           specific group if it was also set.

       -n,--netgroup netgroup
           Invalidate specific netgroup.

       -N,--netgroups
           Invalidate all netgroup records. This option overrides invalidation
           of specific netgroup if it was also set.

       -s,--service service
           Invalidate specific service.

       -S,--services
           Invalidate all service records. This option overrides invalidation
           of specific service if it was also set.

       -a,--autofs-map autofs-map
           Invalidate specific autofs maps.

       -A,--autofs-maps
           Invalidate all autofs maps. This option overrides invalidation of
           specific map if it was also set.

       -h,--ssh-host hostname
           Invalidate SSH public keys of a specific host.

       -H,--ssh-hosts
           Invalidate SSH public keys of all hosts. This option overrides
           invalidation of SSH public keys of specific host if it was also
           set.

       -r,--sudo-rule rule
           Invalidate particular sudo rule.

       -R,--sudo-rules
           Invalidate all cached sudo rules. This option overrides
           invalidation of specific sudo rule if it was also set.

       -d,--domain domain
           Restrict invalidation process only to a particular domain.

       -?,--help
           Display help message and exit.

EFFECTS ON THE FAST MEMORY CACHE

       sss_cache also invalidates the memory cache. Since the memory cache is
       a file which is mapped into the memory of each process which called
       SSSD to resolve users or groups, the file cannot be truncated. A
       special flag is set in the header of the file to indicate that the
       content is invalid, and then the file is unlinked by SSSD's NSS
       responder and a new cache file is created. Whenever a process now does
       a new lookup for a user or a group, it will see the flag, close the old
       memory cache file and map the new one into its memory. When all
       processes which had opened the old memory cache file have closed it
       while looking up a user or a group, the kernel can release the occupied
       disk space and the old memory cache file is finally removed completely.

       A special case is long running processes which are doing user or group
       lookups only at startup, e.g. to determine the name of the user the
       process is running as. For those lookups the memory cache file is
       mapped into the memory of the process. But since there will be no
       further lookups, this process would never detect if the memory cache
       file was invalidated, and hence it will be kept in memory and will
       occupy disk space until the process stops. As a result, calling
       sss_cache might increase the disk usage because old memory cache files
       cannot be removed from the disk while they are still mapped by long
       running processes.

       A possible work-around for long running processes which are looking up
       users and groups only at startup or very rarely is to run them with the
       environment variable SSS_NSS_USE_MEMCACHE set to "NO" so that they
       won't use the memory cache at all and will not map the memory cache
       file into the memory. In general, a better solution is to tune the
       cache timeout parameters so that they meet the local expectations and
       calling sss_cache is not needed.
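
       One way to find the long running processes described above, as an
       added example that is not part of the SSSD manual page: the script
       scans /proc/PID/maps for memory cache files that the kernel marks as
       "(deleted)". It assumes Linux and the memory cache directory
       /var/lib/sss/mc (not stated on this page); the function name is
       hypothetical.

```shell
#!/bin/sh
# Added example: list processes that still map an invalidated (unlinked)
# SSSD memory cache file and therefore keep its disk space allocated.
# Assumption: cache files live under /var/lib/sss/mc; set MC_DIR otherwise.
MC_DIR="${MC_DIR:-/var/lib/sss/mc}"

# stale_memcache_maps [PROC_ROOT]  (hypothetical helper name)
# Prints one "PID<TAB>COMMAND<TAB>FILE" line per process and stale file.
stale_memcache_maps() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue          # process gone or glob unmatched
        pid_dir="${maps%/maps}"
        pid="${pid_dir##*/}"
        comm="$(cat "$pid_dir/comm" 2>/dev/null || echo '?')"
        # maps columns: address perms offset dev inode pathname
        # The kernel appends " (deleted)" to the pathname of an unlinked file.
        awk -v dir="$MC_DIR/" -v pid="$pid" -v comm="$comm" '
            $NF == "(deleted)" && index($6, dir) == 1 && !seen[$6]++ {
                printf "%s\t%s\t%s\n", pid, comm, $6
            }' "$maps" 2>/dev/null || true  # unreadable without root: skip
    done
}

# Scan the live system (run as root to see other users' processes).
stale_memcache_maps "${1:-/proc}"
```

       A process listed here holds the old file until it stops or performs
       another lookup, which is the case the work-around above addresses.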

SEE ALSO

       sssd(8), sssd.conf(5), sssd-ldap(5), sssd-krb5(5), sssd-simple(5),
       sssd-ipa(5), sssd-ad(5), sssd-files(5), sssd-sudo(5),
       sssd-session-recording(5), sss_cache(8), sss_debuglevel(8),
       sss_obfuscate(8), sss_seed(8), sssd_krb5_locator_plugin(8),
       sss_ssh_authorizedkeys(8), sss_ssh_knownhostsproxy(8), sssd-ifp(5),
       pam_sss(8), sss_rpcidmapd(5), sssd-systemtap(5)

AUTHORS

       The SSSD upstream - https://github.com/SSSD/sssd/

SSSD                              11/08/2021                      SSS_CACHE(8)