SSSD-FILES(5) File Formats and Conventions SSSD-FILES(5)

sssd-files - SSSD files provider

This manual page describes the files provider for sssd(8). For a
detailed syntax reference, refer to the “FILE FORMAT” section of the
sssd.conf(5) manual page.

The files provider mirrors the content of the passwd(5) and group(5)
files. The purpose of the files provider is to make the users and
groups traditionally only accessible with NSS interfaces also available
through the SSSD interfaces such as sssd-ifp(5).

Another reason is to provide efficient caching of local users and
groups.

Note that, besides an explicit domain definition, the files provider
can also be configured implicitly using the 'enable_files_domain'
option. See sssd.conf(5) for details.

SSSD never handles resolution of user/group "root". Resolution of
UID/GID 0 is not handled by SSSD either. Such requests are passed to
the next NSS module (usually files).

When SSSD is not running or responding, nss_sss returns the UNAVAIL
code, which causes the request to be passed to the next module.

In addition to the options listed below, generic SSSD domain options
can be set where applicable. Refer to the section “DOMAIN SECTIONS” of
the sssd.conf(5) manual page for details on the configuration of an
SSSD domain. However, the purpose of the files provider is to expose
the same data as the UNIX files, just through the SSSD interfaces.
Therefore not all generic domain options are supported. Likewise, some
global options, such as overriding the shell in the “nss” section for
all domains, have no effect on the files domain unless explicitly
specified per-domain.

passwd_files (string)
Comma-separated list of one or multiple password filenames to be
read and enumerated by the files provider. inotify monitor watches
will be set on each file to detect changes dynamically.

Default: /etc/passwd

group_files (string)
Comma-separated list of one or multiple group filenames to be read
and enumerated by the files provider. inotify monitor watches will
be set on each file to detect changes dynamically.

Default: /etc/group

fallback_to_nss (boolean)
While updating the internal data, SSSD will return an error and let
the client continue with the next NSS module. This helps to avoid
delays when using the default system files /etc/passwd and
/etc/group and the NSS configuration has 'sss' before 'files' for
the 'passwd' and 'group' maps.

If the files provider is configured to monitor other files, it makes
sense to set this option to 'False' to avoid inconsistent behavior,
because in general there would be no other NSS module which can be
used as a fallback.

Default: True

The following example assumes that SSSD is correctly configured and
files is one of the domains in the [sssd] section.

[domain/files]
id_provider = files

To leverage caching of local users and groups by SSSD, the nss_sss
module must be listed before the nss_files module in
/etc/nsswitch.conf.

passwd: sss files
group: sss files
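
The check below is an added example, not part of the SSSD documentation or code base. It audits sssd.conf and nsswitch.conf text for the two conditions this page describes: a files domain reading non-default files while fallback_to_nss is left at True, and 'sss' not listed before 'files'. The domain name "appusers" and the path /srv/app/passwd are hypothetical.

```python
import configparser
import re

# Defaults documented on this page for the files provider.
DEFAULTS = {"passwd_files": "/etc/passwd", "group_files": "/etc/group"}

def nss_sources(nsswitch_text, database):
    """Return the ordered source names of one nsswitch.conf database."""
    for raw in nsswitch_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith(database + ":"):
            # Drop action items such as [NOTFOUND=return]; keep only source names.
            spec = re.sub(r"\[[^\]]*\]", " ", line.split(":", 1)[1])
            return spec.split()
    return []

def audit(sssd_conf_text, nsswitch_text):
    """Return findings for files-provider settings that contradict the guidance above."""
    findings = []
    conf = configparser.ConfigParser(interpolation=None, strict=False)
    conf.read_string(sssd_conf_text)
    for name in conf.sections():
        dom = conf[name]
        if not name.startswith("domain/") or dom.get("id_provider", "").strip() != "files":
            continue
        custom = [k for k, default in DEFAULTS.items()
                  if [p.strip() for p in dom.get(k, default).split(",")] != [default]]
        # fallback_to_nss defaults to True when the option is absent.
        if custom and dom.getboolean("fallback_to_nss", fallback=True):
            findings.append(f"{name}: {'/'.join(custom)} is non-default but fallback_to_nss is True")
    for db in ("passwd", "group"):
        order = nss_sources(nsswitch_text, db)
        if "sss" not in order or ("files" in order and order.index("files") < order.index("sss")):
            findings.append(f"nsswitch {db}: sss is not listed before files")
    return findings

# Constructed sample inputs (hypothetical domain name and path, not from a real host).
SSSD_CONF = """[domain/files]
id_provider = files
[domain/appusers]
id_provider = files
passwd_files = /srv/app/passwd
"""
NSSWITCH = "passwd: sss files\ngroup: files sss  # wrong order for caching\n"

if __name__ == "__main__":
    for finding in audit(SSSD_CONF, NSSWITCH):
        print(finding)
```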

sssd(8), sssd.conf(5), sssd-ldap(5), sssd-ldap-attributes(5),
sssd-krb5(5), sssd-simple(5), sssd-ipa(5), sssd-ad(5), sssd-files(5),
sssd-sudo(5), sssd-session-recording(5), sss_cache(8), sss_debuglevel(8),
sss_obfuscate(8), sss_seed(8), sssd_krb5_locator_plugin(8),
sss_ssh_authorizedkeys(8), sss_ssh_knownhostsproxy(8), sssd-ifp(5),
pam_sss(8), sss_rpcidmapd(5), sssd-systemtap(5)

The SSSD upstream - https://github.com/SSSD/sssd/

SSSD 11/15/2023 SSSD-FILES(5)