1SSSD(8) SSSD Manual pages SSSD(8)
2
6 sssd - System Security Services Daemon
7
9 sssd [options]
10
12 SSSD provides a set of daemons to manage access to remote directories
13 and authentication mechanisms. It provides an NSS and PAM interface
14 toward the system and a pluggable backend system to connect to multiple
15 different account sources as well as D-Bus interface. It is also the
16 basis to provide client auditing and policy services for projects like
17 FreeIPA. It provides a more robust database to store local users as
18 well as extended user data.
19
21 -d,--debug-level LEVEL
22 SSSD supports two representations for specifying the debug level.
23 The simplest is to specify a decimal value from 0-9, which
24 represents enabling that level and all lower-level debug messages.
25 The more comprehensive option is to specify a hexadecimal bitmask
26 to enable or disable specific levels (such as if you wish to
27 suppress a level).
28 Please note that each SSSD service logs into its own log file. Also
30 please note that enabling “debug_level” in the “[sssd]” section
31 only enables debugging just for the sssd process itself, not for
32 the responder or provider processes. The “debug_level” parameter
33 should be added to all sections that you wish to produce debug logs
34 from.
35 In addition to changing the log level in the config file using the
37 “debug_level” parameter, which is persistent, but requires SSSD
38 restart, it is also possible to change the debug level on the fly
39 using the sss_debuglevel(8) tool.
40 Currently supported debug levels:
42 0, 0x0010: Fatal failures. Anything that would prevent SSSD from
44 starting up or causes it to cease running.
45 1, 0x0020: Critical failures. An error that doesn't kill SSSD, but
47 one that indicates that at least one major feature is not going to
48 work properly.
49 2, 0x0040: Serious failures. An error announcing that a particular
51 request or operation has failed.
52 3, 0x0080: Minor failures. These are the errors that would
54 percolate down to cause the operation failure of 2.
55 4, 0x0100: Configuration settings.
57 5, 0x0200: Function data.
59 6, 0x0400: Trace messages for operation functions.
61 7, 0x1000: Trace messages for internal control functions.
63 8, 0x2000: Contents of function-internal variables that may be
65 interesting.
66 9, 0x4000: Extremely low-level tracing information.
68 10, 0x10000: Even more low-level libldb tracing information. Almost
70 never really required.
71 To log required bitmask debug levels, simply add their numbers
73 together as shown in following examples:
74 Example: To log fatal failures, critical failures, serious failures
76 and function data use 0x0270.
77 Example: To log fatal failures, configuration settings, function
79 data, trace messages for internal control functions use 0x1310.
80 Note: The bitmask format of debug levels was introduced in 1.7.0.
82 Default: 0x0070 (i.e. fatal, critical and serious failures;
84 corresponds to setting 2 in decimal notation)
85 --debug-timestamps=mode
87 1: Add a timestamp to the debug messages
88 0: Disable timestamp in the debug messages
90 Default: 1
92 --debug-microseconds=mode
94 1: Add microseconds to the timestamp in debug messages
95 0: Disable microseconds in timestamp
97 Default: 0
99 --logger=value
101 Location where SSSD will send log messages.
102 stderr: Redirect debug messages to standard error output.
104 files: Redirect debug messages to the log files. By default, the
106 log files are stored in /var/log/sssd and there are separate log
107 files for every SSSD service and domain.
108 journald: Redirect debug messages to systemd-journald
110 Default: not set (fall back to journald if available, otherwise to
112 stderr)
113 -D,--daemon
115 Become a daemon after starting up.
116 -i,--interactive
118 Run in the foreground, don't become a daemon.
119 -c,--config
121 Specify a non-default config file. The default is
122 /etc/sssd/sssd.conf. For reference on the config file syntax and
123 options, consult the sssd.conf(5) manual page.
124 -g,--genconf
126 Do not start the SSSD, but refresh the configuration database from
127 the contents of /etc/sssd/sssd.conf and exit.
128 -s,--genconf-section
130 Similar to “--genconf”, but only refresh a single section from the
131 configuration file. This option is useful mainly to be called from
132 systemd unit files to allow socket-activated responders to refresh
133 their configuration without requiring the administrator to restart
134 the whole SSSD.
135 -?,--help
137 Display help message and exit.
138 --version
140 Print version number and exit.
141
143 SIGTERM/SIGINT
144 Informs the SSSD to gracefully terminate all of its child processes
145 and then shut down the monitor.
146 SIGHUP
148 Tells the SSSD to stop writing to its current debug file
149 descriptors and to close and reopen them. This is meant to
150 facilitate log rolling with programs like logrotate.
151 SIGUSR1
153 Tells the SSSD to simulate offline operation for the duration of
154 the “offline_timeout” parameter. This is useful for testing. The
155 signal can be sent to either the sssd process or any sssd_be
156 process directly.
157 SIGUSR2
159 Tells the SSSD to go online immediately. This is useful for
160 testing. The signal can be sent to either the sssd process or any
161 sssd_be process directly.
162
164 If the environment variable SSS_NSS_USE_MEMCACHE is set to "NO", client
165 applications will not use the fast in-memory cache.
166
168 sssd(8), sssd.conf(5), sssd-ldap(5), sssd-krb5(5), sssd-simple(5),
169 sssd-ipa(5), sssd-ad(5), sssd-files(5), sssd-sudo(5), sssd-session-
170 recording(5), sss_cache(8), sss_debuglevel(8), sss_obfuscate(8),
171 sss_seed(8), sssd_krb5_locator_plugin(8), sss_ssh_authorizedkeys(8),
172 sss_ssh_knownhostsproxy(8), sssd-ifp(5), pam_sss(8). sss_rpcidmapd(5)
173 sssd-systemtap(5)
174
176 The SSSD upstream - https://github.com/SSSD/sssd/
177SSSD 11/08/2021 SSSD(8)