'\" t
.\"     Title: sss_override
.\"    Author: The SSSD upstream - https://pagure.io/SSSD/sssd/
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\"      Date: 02/21/2020
.\"    Manual: SSSD Manual pages
.\"    Source: SSSD
.\"  Language: English
.\"
.TH "SSS_OVERRIDE" "8" "02/21/2020" "SSSD" "SSSD Manual pages"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
sss_override \- create local overrides of user and group attributes
.SH "SYNOPSIS"
.HP \w'\fBsss_override\fR\ 'u
\fBsss_override\fR \fICOMMAND\fR [\fIoptions\fR]
.SH "DESCRIPTION"
.PP
\fBsss_override\fR
enables to create a client\-side view and allows to change selected values of specific user and groups\&. This change takes effect only on local machine\&.
.PP
Overrides data are stored in the SSSD cache\&. If the cache is deleted, all local overrides are lost\&. Please note that after the first override is created using any of the following
\fIuser\-add\fR,
\fIgroup\-add\fR,
\fIuser\-import\fR
or
\fIgroup\-import\fR
command\&. SSSD needs to be restarted to take effect\&.
\fIsss_override\fR
prints message when a restart is required\&.
.SH "AVAILABLE COMMANDS"
.PP
Argument
\fINAME\fR
is the name of original object in all commands\&. It is not possible to override
\fIuid\fR
or
\fIgid\fR
to 0\&.
.PP
\fBuser\-add\fR \fINAME\fR [\fB\-n,\-\-name\fR NAME] [\fB\-u,\-\-uid\fR UID] [\fB\-g,\-\-gid\fR GID] [\fB\-h,\-\-home\fR HOME] [\fB\-s,\-\-shell\fR SHELL] [\fB\-c,\-\-gecos\fR GECOS] [\fB\-x,\-\-certificate\fR BASE64 ENCODED CERTIFICATE]
.RS 4
Override attributes of an user\&. Please be aware that calling this command will replace any previous override for the (NAMEd) user\&.
.RE
.PP
\fBuser\-del\fR \fINAME\fR
.RS 4
Remove user overrides\&. However be aware that overridden attributes might be returned from memory cache\&. Please see SSSD option
\fImemcache_timeout\fR
for more details\&.
.RE
.PP
\fBuser\-find\fR [\fB\-d,\-\-domain\fR DOMAIN]
.RS 4
List all users with set overrides\&. If
\fIDOMAIN\fR
parameter is set, only users from the domain are listed\&.
.RE
.PP
\fBuser\-show\fR \fINAME\fR
.RS 4
Show user overrides\&.
.RE
.PP
\fBuser\-import\fR \fIFILE\fR
.RS 4
Import user overrides from
\fIFILE\fR\&. Data format is similar to standard passwd file\&. The format is:
.sp
original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate
.sp
where original_name is original name of the user whose attributes should be overridden\&. The rest of fields correspond to new values\&. You can omit a value simply by leaving corresponding field empty\&.
.sp
Examples:
.sp
ckent:superman::::::
.sp
ckent@krypton\&.com::501:501:Superman:/home/earth:/bin/bash:
.RE
.PP
\fBuser\-export\fR \fIFILE\fR
.RS 4
Export all overridden attributes and store them in
\fIFILE\fR\&. See
\fIuser\-import\fR
for data format\&.
.RE
.PP
\fBgroup\-add\fR \fINAME\fR [\fB\-n,\-\-name\fR NAME] [\fB\-g,\-\-gid\fR GID]
.RS 4
Override attributes of a group\&. Please be aware that calling this command will replace any previous override for the (NAMEd) group\&.
.RE
.PP
\fBgroup\-del\fR \fINAME\fR
.RS 4
Remove group overrides\&. However be aware that overridden attributes might be returned from memory cache\&. Please see SSSD option
\fImemcache_timeout\fR
for more details\&.
.RE
.PP
\fBgroup\-find\fR [\fB\-d,\-\-domain\fR DOMAIN]
.RS 4
List all groups with set overrides\&. If
\fIDOMAIN\fR
parameter is set, only groups from the domain are listed\&.
.RE
.PP
\fBgroup\-show\fR \fINAME\fR
.RS 4
Show group overrides\&.
.RE
.PP
\fBgroup\-import\fR \fIFILE\fR
.RS 4
Import group overrides from
\fIFILE\fR\&. Data format is similar to standard group file\&. The format is:
.sp
original_name:name:gid
.sp
where original_name is original name of the group whose attributes should be overridden\&. The rest of fields correspond to new values\&. You can omit a value simply by leaving corresponding field empty\&.
.sp
Examples:
.sp
admins:administrators:
.sp
Domain Users:Users:501
.RE
.PP
\fBgroup\-export\fR \fIFILE\fR
.RS 4
Export all overridden attributes and store them in
\fIFILE\fR\&. See
\fIgroup\-import\fR
for data format\&.
.RE
.SH "COMMON OPTIONS"
.PP
Those options are available with all commands\&.
.PP
\fB\-\-debug\fR \fILEVEL\fR
.RS 4
SSSD supports two representations for specifying the debug level\&. The simplest is to specify a decimal value from 0\-9, which represents enabling that level and all lower\-level debug messages\&. The more comprehensive option is to specify a hexadecimal bitmask to enable or disable specific levels (such as if you wish to suppress a level)\&.
.sp
Currently supported debug levels:
.sp
\fI0\fR,
\fI0x0010\fR: Fatal failures\&. Anything that would prevent SSSD from starting up or causes it to cease running\&.
.sp
\fI1\fR,
\fI0x0020\fR: Critical failures\&. An error that doesn\*(Aqt kill SSSD, but one that indicates that at least one major feature is not going to work properly\&.
.sp
\fI2\fR,
\fI0x0040\fR: Serious failures\&. An error announcing that a particular request or operation has failed\&.
.sp
\fI3\fR,
\fI0x0080\fR: Minor failures\&. These are the errors that would percolate down to cause the operation failure of 2\&.
.sp
\fI4\fR,
\fI0x0100\fR: Configuration settings\&.
.sp
\fI5\fR,
\fI0x0200\fR: Function data\&.
.sp
\fI6\fR,
\fI0x0400\fR: Trace messages for operation functions\&.
.sp
\fI7\fR,
\fI0x1000\fR: Trace messages for internal control functions\&.
.sp
\fI8\fR,
\fI0x2000\fR: Contents of function\-internal variables that may be interesting\&.
.sp
\fI9\fR,
\fI0x4000\fR: Extremely low\-level tracing information\&.
.sp
To log required bitmask debug levels, simply add their numbers together as shown in following examples:
.sp
\fIExample\fR: To log fatal failures, critical failures, serious failures and function data use 0x0270\&.
.sp
\fIExample\fR: To log fatal failures, configuration settings, function data, trace messages for internal control functions use 0x1310\&.
.sp
\fINote\fR: The bitmask format of debug levels was introduced in 1\&.7\&.0\&.
.sp
\fIDefault\fR: 0
.RE
.SH "SEE ALSO"
.PP
\fBsssd\fR(8),
\fBsssd.conf\fR(5),
\fBsssd-ldap\fR(5),
\fBsssd-krb5\fR(5),
\fBsssd-simple\fR(5),
\fBsssd-ipa\fR(5),
\fBsssd-ad\fR(5),
\fBsssd-sudo\fR(5),
\fBsssd-secrets\fR(5),
\fBsssd-session-recording\fR(5),
\fBsss_cache\fR(8),
\fBsss_debuglevel\fR(8),
\fBsss_groupadd\fR(8),
\fBsss_groupdel\fR(8),
\fBsss_groupshow\fR(8),
\fBsss_groupmod\fR(8),
\fBsss_useradd\fR(8),
\fBsss_userdel\fR(8),
\fBsss_usermod\fR(8),
\fBsss_obfuscate\fR(8),
\fBsss_seed\fR(8),
\fBsssd_krb5_locator_plugin\fR(8),
\fBsss_ssh_authorizedkeys\fR(8), \fBsss_ssh_knownhostsproxy\fR(8),
\fBsssd-ifp\fR(5),
\fBpam_sss\fR(8)\&.
\fBsss_rpcidmapd\fR(5)
\fBsssd-systemtap\fR(5)
.SH "AUTHORS"
.PP
\fBThe SSSD upstream \- https://pagure\&.io/SSSD/sssd/\fR