1SSSD(8) SSSD Manual pages SSSD(8)
2
3
4
6 sssd - System Security Services Daemon
7
9 sssd [options]
10
12 SSSD provides a set of daemons to manage access to remote directories
13 and authentication mechanisms. It provides an NSS and PAM interface
14 toward the system and a pluggable backend system to connect to multiple
15 different account sources as well as D-Bus interface. It is also the
16 basis to provide client auditing and policy services for projects like
17 FreeIPA. It provides a more robust database to store local users as
18 well as extended user data.
19
21 -d,--debug-level LEVEL
22 SSSD supports two representations for specifying the debug level.
23 The simplest is to specify a decimal value from 0-9, which
24 represents enabling that level and all lower-level debug messages.
25 The more comprehensive option is to specify a hexadecimal bitmask
26 to enable or disable specific levels (such as if you wish to
27 suppress a level).
28
29 Please note that each SSSD service logs into its own log file. Also
30 please note that enabling “debug_level” in the “[sssd]” section
31 only enables debugging just for the sssd process itself, not for
32 the responder or provider processes. The “debug_level” parameter
33 should be added to all sections that you wish to produce debug logs
34 from.
35
36 In addition to changing the log level in the config file using the
37 “debug_level” parameter, which is persistent, but requires SSSD
38 restart, it is also possible to change the debug level on the fly
39 using the sss_debuglevel(8) tool.
40
41 Currently supported debug levels:
42
43 0, 0x0010: Fatal failures. Anything that would prevent SSSD from
44 starting up or causes it to cease running.
45
46 1, 0x0020: Critical failures. An error that doesn't kill SSSD, but
47 one that indicates that at least one major feature is not going to
48 work properly.
49
50 2, 0x0040: Serious failures. An error announcing that a particular
51 request or operation has failed.
52
53 3, 0x0080: Minor failures. These are the errors that would
54 percolate down to cause the operation failure of 2.
55
56 4, 0x0100: Configuration settings.
57
58 5, 0x0200: Function data.
59
60 6, 0x0400: Trace messages for operation functions.
61
62 7, 0x1000: Trace messages for internal control functions.
63
64 8, 0x2000: Contents of function-internal variables that may be
65 interesting.
66
67 9, 0x4000: Extremely low-level tracing information.
68
69 9, 0x20000: Performance and statistical data, please note that due
70 to the way requests are processed internally the logged execution
71 time of a request might be longer than it actually was.
72
73 10, 0x10000: Even more low-level libldb tracing information. Almost
74 never really required.
75
76 To log required bitmask debug levels, simply add their numbers
77 together as shown in following examples:
78
79 Example: To log fatal failures, critical failures, serious failures
80 and function data use 0x0270.
81
82 Example: To log fatal failures, configuration settings, function
83 data, trace messages for internal control functions use 0x1310.
84
85 Note: The bitmask format of debug levels was introduced in 1.7.0.
86
87 Default: 0x0070 (i.e. fatal, critical and serious failures;
88 corresponds to setting 2 in decimal notation)
89
90 --debug-timestamps=mode
91 1: Add a timestamp to the debug messages
92
93 0: Disable timestamp in the debug messages
94
95 Default: 1
96
97 --debug-microseconds=mode
98 1: Add microseconds to the timestamp in debug messages
99
100 0: Disable microseconds in timestamp
101
102 Default: 0
103
104 --logger=value
105 Location where SSSD will send log messages.
106
107 stderr: Redirect debug messages to standard error output.
108
109 files: Redirect debug messages to the log files. By default, the
110 log files are stored in /var/log/sssd and there are separate log
111 files for every SSSD service and domain.
112
113 journald: Redirect debug messages to systemd-journald
114
115 Default: not set (fall back to journald if available, otherwise to
116 stderr)
117
118 -D,--daemon
119 Become a daemon after starting up.
120
121 -i,--interactive
122 Run in the foreground, don't become a daemon.
123
124 -c,--config
125 Specify a non-default config file. The default is
126 /etc/sssd/sssd.conf. For reference on the config file syntax and
127 options, consult the sssd.conf(5) manual page.
128
129 -g,--genconf
130 Do not start the SSSD, but refresh the configuration database from
131 the contents of /etc/sssd/sssd.conf and exit.
132
133 -s,--genconf-section
134 Similar to “--genconf”, but only refresh a single section from the
135 configuration file. This option is useful mainly to be called from
136 systemd unit files to allow socket-activated responders to refresh
137 their configuration without requiring the administrator to restart
138 the whole SSSD.
139
140 -?,--help
141 Display help message and exit.
142
143 --version
144 Print version number and exit.
145
147 SIGTERM/SIGINT
148 Informs the SSSD to gracefully terminate all of its child processes
149 and then shut down the monitor.
150
151 SIGHUP
152 Tells the SSSD to stop writing to its current debug file
153 descriptors and to close and reopen them. This is meant to
154 facilitate log rolling with programs like logrotate.
155
156 SIGUSR1
157 Tells the SSSD to simulate offline operation for the duration of
158 the “offline_timeout” parameter. This is useful for testing. The
159 signal can be sent to either the sssd process or any sssd_be
160 process directly.
161
162 SIGUSR2
163 Tells the SSSD to go online immediately. This is useful for
164 testing. The signal can be sent to either the sssd process or any
165 sssd_be process directly.
166
168 If the environment variable SSS_NSS_USE_MEMCACHE is set to "NO", client
169 applications will not use the fast in-memory cache.
170
171 If the environment variable SSS_LOCKFREE is set to "NO", requests from
172 multiple threads of a single application will be serialized.
173
175 sssd(8), sssd.conf(5), sssd-ldap(5), sssd-ldap-attributes(5), sssd-
176 krb5(5), sssd-simple(5), sssd-ipa(5), sssd-ad(5), sssd-files(5), sssd-
177 sudo(5), sssd-session-recording(5), sss_cache(8), sss_debuglevel(8),
178 sss_obfuscate(8), sss_seed(8), sssd_krb5_locator_plugin(8),
179 sss_ssh_authorizedkeys(8), sss_ssh_knownhostsproxy(8), sssd-ifp(5),
180 pam_sss(8). sss_rpcidmapd(5) sssd-systemtap(5)
181
183 The SSSD upstream - https://github.com/SSSD/sssd/
184
185
186
187SSSD 11/15/2023 SSSD(8)