Provided by: sssd-common_2.9.5-3ubuntu2_amd64 bug

NAME

       sssd-files - SSSD files provider

DESCRIPTION

       This manual page describes the files provider for sssd(8). For a detailed syntax
       reference, refer to the “FILE FORMAT” section of the sssd.conf(5) manual page.

       The files provider mirrors the content of the passwd(5) and group(5) files. The purpose of
       the files provider is to make the users and groups traditionally only accessible with NSS
       interfaces also available through the SSSD interfaces such as sssd-ifp(5).

       Another reason is to provide efficient caching of local users and groups.

       Please note that besides explicit domain definition the files provider can be configured
       also implicitly using 'enable_files_domain' option. See sssd.conf(5) for details.

       SSSD never handles resolution of user/group "root". Also resolution of UID/GID 0 is not
       handled by SSSD. Such requests are passed to next NSS module (usually files).

       When SSSD is not running or responding, nss_sss returns the UNAVAIL code which causes the
       request to be passed to the next module.

CONFIGURATION OPTIONS

       In addition to the options listed below, generic SSSD domain options can be set where
       applicable. Refer to the section “DOMAIN SECTIONS” of the sssd.conf(5) manual page for
       details on the configuration of an SSSD domain. But the purpose of the files provider is
       to expose the same data as the UNIX files, just through the SSSD interfaces. Therefore not
       all generic domain options are supported. Likewise, some global options, such as
       overriding the shell in the “nss” section for all domains has no effect on the files
       domain unless explicitly specified per-domain.

       passwd_files (string)
           Comma-separated list of one or multiple password filenames to be read and enumerated
           by the files provider, inotify monitor watches will be set on each file to detect
           changes dynamically.

           Default: /etc/passwd

       group_files (string)
           Comma-separated list of one or multiple group filenames to be read and enumerated by
           the files provider, inotify monitor watches will be set on each file to detect changes
           dynamically.

           Default: /etc/group

       fallback_to_nss (boolean)
           While updating the internal data SSSD will return an error and let the client continue
           with the next NSS module. This helps to avoid delays when using the default system
           files /etc/passwd and /etc/group and the NSS configuration has 'sss' before 'files'
           for the 'passwd' and 'group' maps.

           If the files provider is configured to monitor other files it makes sense to set this
           option to 'False' to avoid inconsistent behavior because in general there would be no
           other NSS module which can be used as a fallback.

           Default: True

EXAMPLE

       The following example assumes that SSSD is correctly configured and files is one of the
       domains in the [sssd] section.

           [domain/files]
           id_provider = files

       To leverage caching of local users and groups by SSSD nss_sss module must be listed before
       nss_files module in /etc/nsswitch.conf.

           passwd:     sss files
           group:      sss files

SEE ALSO

       sssd(8), sssd.conf(5), sssd-ldap(5), sssd-ldap-attributes(5), sssd-krb5(5), sssd-
       simple(5), sssd-ipa(5), sssd-ad(5), sssd-files(5), sssd-sudo(5), sssd-session-
       recording(5), sss_cache(8), sss_debuglevel(8), sss_obfuscate(8), sss_seed(8),
       sssd_krb5_locator_plugin(8), sss_ssh_authorizedkeys(8), sss_ssh_knownhostsproxy(8), sssd-
       ifp(5), pam_sss(8).  sss_rpcidmapd(5) sssd-systemtap(5)

AUTHORS

       The SSSD upstream - https://github.com/SSSD/sssd/