table of contents
SSS_OVERRIDE(8) | SSSD Manual pages | SSS_OVERRIDE(8) |
NAME¶
sss_override - create local overrides of user and group attributes
SYNOPSIS¶
sss_override COMMAND [options]
DESCRIPTION¶
sss_override enables to create a client-side view and allows to change selected values of specific user and groups. This change takes effect only on local machine.
Overrides data are stored in the SSSD cache. If the cache is deleted, all local overrides are lost. Please note that after the first override is created using any of the following user-add, group-add, user-import or group-import command. SSSD needs to be restarted to take effect. sss_override prints message when a restart is required.
NOTE: The options provided in this man page only work with “ldap” and “AD” “ id_provider”. IPA overrides can be managed centrally on the IPA server.
AVAILABLE COMMANDS¶
Argument NAME is the name of original object in all commands. It is not possible to override uid or gid to 0.
user-add NAME [-n,--name NAME] [-u,--uid UID] [-g,--gid GID] [-h,--home HOME] [-s,--shell SHELL] [-c,--gecos GECOS] [-x,--certificate BASE64 ENCODED CERTIFICATE]
user-del NAME
user-find [-d,--domain DOMAIN]
user-show NAME
user-import FILE
original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate
where original_name is original name of the user whose attributes should be overridden. The rest of fields correspond to new values. You can omit a value simply by leaving corresponding field empty.
Examples:
ckent:superman::::::
ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:
user-export FILE
group-add NAME [-n,--name NAME] [-g,--gid GID]
group-del NAME
group-find [-d,--domain DOMAIN]
group-show NAME
group-import FILE
original_name:name:gid
where original_name is original name of the group whose attributes should be overridden. The rest of fields correspond to new values. You can omit a value simply by leaving corresponding field empty.
Examples:
admins:administrators:
Domain Users:Users:501
group-export FILE
COMMON OPTIONS¶
Those options are available with all commands.
--debug LEVEL
Currently supported debug levels:
0, 0x0010: Fatal failures. Anything that would prevent SSSD from starting up or causes it to cease running.
1, 0x0020: Critical failures. An error that doesn't kill SSSD, but one that indicates that at least one major feature is not going to work properly.
2, 0x0040: Serious failures. An error announcing that a particular request or operation has failed.
3, 0x0080: Minor failures. These are the errors that would percolate down to cause the operation failure of 2.
4, 0x0100: Configuration settings.
5, 0x0200: Function data.
6, 0x0400: Trace messages for operation functions.
7, 0x1000: Trace messages for internal control functions.
8, 0x2000: Contents of function-internal variables that may be interesting.
9, 0x4000: Extremely low-level tracing information.
10, 0x10000: Even more low-level libldb tracing information. Almost never really required.
To log required bitmask debug levels, simply add their numbers together as shown in following examples:
Example: To log fatal failures, critical failures, serious failures and function data use 0x0270.
Example: To log fatal failures, configuration settings, function data, trace messages for internal control functions use 0x1310.
Note: The bitmask format of debug levels was introduced in 1.7.0.
Default: 0x0070 (i.e. fatal, critical and serious failures; corresponds to setting 2 in decimal notation)
SEE ALSO¶
sssd(8), sssd.conf(5), sssd-ldap(5), sssd-ldap-attributes(5), sssd-krb5(5), sssd-simple(5), sssd-ipa(5), sssd-ad(5), sssd-files(5), sssd-sudo(5), sssd-session-recording(5), sss_cache(8), sss_debuglevel(8), sss_obfuscate(8), sss_seed(8), sssd_krb5_locator_plugin(8), sss_ssh_authorizedkeys(8), sss_ssh_knownhostsproxy(8), sssd-ifp(5), pam_sss(8). sss_rpcidmapd(5) sssd-systemtap(5)
AUTHORS¶
The SSSD upstream - https://github.com/SSSD/sssd/
05/24/2024 | SSSD |