1SSS_OVERRIDE(8) SSSD Manual pages SSS_OVERRIDE(8)
2
3
4
6 sss_override - create local overrides of user and group attributes
7
9 sss_override COMMAND [options]
10
12 sss_override enables to create a client-side view and allows to change
13 selected values of specific user and groups. This change takes effect
14 only on local machine.
15
16 Overrides data are stored in the SSSD cache. If the cache is deleted,
17 all local overrides are lost. Please note that after the first override
18 is created using any of the following user-add, group-add, user-import
19 or group-import command. SSSD needs to be restarted to take effect.
20 sss_override prints message when a restart is required.
21
22 NOTE: The options provided in this man page only work with “ldap” and
23 “AD” “ id_provider”. IPA overrides can be managed centrally on the IPA
24 server.
25
27 Argument NAME is the name of original object in all commands. It is not
28 possible to override uid or gid to 0.
29
30 user-add NAME [-n,--name NAME] [-u,--uid UID] [-g,--gid GID] [-h,--home
31 HOME] [-s,--shell SHELL] [-c,--gecos GECOS] [-x,--certificate BASE64
32 ENCODED CERTIFICATE]
33 Override attributes of an user. Please be aware that calling this
34 command will replace any previous override for the (NAMEd) user.
35
36 user-del NAME
37 Remove user overrides. However be aware that overridden attributes
38 might be returned from memory cache. Please see SSSD option
39 memcache_timeout for more details.
40
41 user-find [-d,--domain DOMAIN]
42 List all users with set overrides. If DOMAIN parameter is set, only
43 users from the domain are listed.
44
45 user-show NAME
46 Show user overrides.
47
48 user-import FILE
49 Import user overrides from FILE. Data format is similar to standard
50 passwd file. The format is:
51
52 original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate
53
54 where original_name is original name of the user whose attributes
55 should be overridden. The rest of fields correspond to new values.
56 You can omit a value simply by leaving corresponding field empty.
57
58 Examples:
59
60 ckent:superman::::::
61
62 ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:
63
64 user-export FILE
65 Export all overridden attributes and store them in FILE. See
66 user-import for data format.
67
68 group-add NAME [-n,--name NAME] [-g,--gid GID]
69 Override attributes of a group. Please be aware that calling this
70 command will replace any previous override for the (NAMEd) group.
71
72 group-del NAME
73 Remove group overrides. However be aware that overridden attributes
74 might be returned from memory cache. Please see SSSD option
75 memcache_timeout for more details.
76
77 group-find [-d,--domain DOMAIN]
78 List all groups with set overrides. If DOMAIN parameter is set,
79 only groups from the domain are listed.
80
81 group-show NAME
82 Show group overrides.
83
84 group-import FILE
85 Import group overrides from FILE. Data format is similar to
86 standard group file. The format is:
87
88 original_name:name:gid
89
90 where original_name is original name of the group whose attributes
91 should be overridden. The rest of fields correspond to new values.
92 You can omit a value simply by leaving corresponding field empty.
93
94 Examples:
95
96 admins:administrators:
97
98 Domain Users:Users:501
99
100 group-export FILE
101 Export all overridden attributes and store them in FILE. See
102 group-import for data format.
103
105 Those options are available with all commands.
106
107 --debug LEVEL
108 SSSD supports two representations for specifying the debug level.
109 The simplest is to specify a decimal value from 0-9, which
110 represents enabling that level and all lower-level debug messages.
111 The more comprehensive option is to specify a hexadecimal bitmask
112 to enable or disable specific levels (such as if you wish to
113 suppress a level).
114
115 Currently supported debug levels:
116
117 0, 0x0010: Fatal failures. Anything that would prevent SSSD from
118 starting up or causes it to cease running.
119
120 1, 0x0020: Critical failures. An error that doesn't kill SSSD, but
121 one that indicates that at least one major feature is not going to
122 work properly.
123
124 2, 0x0040: Serious failures. An error announcing that a particular
125 request or operation has failed.
126
127 3, 0x0080: Minor failures. These are the errors that would
128 percolate down to cause the operation failure of 2.
129
130 4, 0x0100: Configuration settings.
131
132 5, 0x0200: Function data.
133
134 6, 0x0400: Trace messages for operation functions.
135
136 7, 0x1000: Trace messages for internal control functions.
137
138 8, 0x2000: Contents of function-internal variables that may be
139 interesting.
140
141 9, 0x4000: Extremely low-level tracing information.
142
143 10, 0x10000: Even more low-level libldb tracing information. Almost
144 never really required.
145
146 To log required bitmask debug levels, simply add their numbers
147 together as shown in following examples:
148
149 Example: To log fatal failures, critical failures, serious failures
150 and function data use 0x0270.
151
152 Example: To log fatal failures, configuration settings, function
153 data, trace messages for internal control functions use 0x1310.
154
155 Note: The bitmask format of debug levels was introduced in 1.7.0.
156
157 Default: 0x0070 (i.e. fatal, critical and serious failures;
158 corresponds to setting 2 in decimal notation)
159
161 sssd(8), sssd.conf(5), sssd-ldap(5), sssd-ldap-attributes(5), sssd-
162 krb5(5), sssd-simple(5), sssd-ipa(5), sssd-ad(5), sssd-files(5), sssd-
163 sudo(5), sssd-session-recording(5), sss_cache(8), sss_debuglevel(8),
164 sss_obfuscate(8), sss_seed(8), sssd_krb5_locator_plugin(8),
165 sss_ssh_authorizedkeys(8), sss_ssh_knownhostsproxy(8), sssd-ifp(5),
166 pam_sss(8). sss_rpcidmapd(5) sssd-systemtap(5)
167
169 The SSSD upstream - https://github.com/SSSD/sssd/
170
171
172
173SSSD 11/15/2023 SSS_OVERRIDE(8)