Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

sssd-simple(5) [centos man page]

SSSD-SIMPLE(5)						   File Formats and Conventions 					    SSSD-SIMPLE(5)

NAME
sssd-simple - the configuration file for SSSD's 'simple' access-control provider DESCRIPTION
This manual page describes the configuration of the simple access-control provider for sssd(8). For a detailed syntax reference, refer to the "FILE FORMAT" section of the sssd.conf(5) manual page. The simple access provider grants or denies access based on an access or deny list of user or group names. The following rules apply: o If all lists are empty, access is granted o If any list is provided, the order of evaluation is allow,deny. This means that any matching deny rule will supersede any matched allow rule. o If either or both "allow" lists are provided, all users are denied unless they appear in the list. o If only "deny" lists are provided, all users are granted access unless they appear in the list. CONFIGURATION OPTIONS
Refer to the section "DOMAIN SECTIONS" of the sssd.conf(5) manual page for details on the configuration of an SSSD domain. simple_allow_users (string) Comma separated list of users who are allowed to log in. simple_deny_users (string) Comma separated list of users who are explicitly denied access. simple_allow_groups (string) Comma separated list of groups that are allowed to log in. This applies only to groups within this SSSD domain. Local groups are not evaluated. simple_deny_groups (string) Comma separated list of groups that are explicitly denied access. This applies only to groups within this SSSD domain. Local groups are not evaluated. Specifying no values for any of the lists is equivalent to skipping it entirely. Beware of this while generating parameters for the simple provider using automated scripts. Please note that it is an configuration error if both, simple_allow_users and simple_deny_users, are defined. EXAMPLE
The following example assumes that SSSD is correctly configured and example.com is one of the domains in the [sssd] section. This examples shows only the simple access provider-specific options. [domain/example.com] access_provider = simple simple_allow_users = user1, user2 SEE ALSO
sssd(8), sssd.conf(5), sssd-ldap(5), sssd-krb5(5), sssd-simple(5), sssd-ipa(5), sssd-ad(5), sssd-sudo(5),sss_cache(8), sss_debuglevel(8), sss_groupadd(8), sss_groupdel(8), sss_groupshow(8), sss_groupmod(8), sss_useradd(8), sss_userdel(8), sss_usermod(8), sss_obfuscate(8), sss_seed(8), sssd_krb5_locator_plugin(8), sss_ssh_authorizedkeys(8), sss_ssh_knownhostsproxy(8),pam_sss(8). AUTHORS
The SSSD upstream - http://fedorahosted.org/sssd SSSD
06/17/2014 SSSD-SIMPLE(5)

Check Out this Related Man Page

SSS_USERMOD(8)							 SSSD Manual pages						    SSS_USERMOD(8)

NAME
sss_usermod - modify a user account SYNOPSIS
sss_usermod [options] LOGIN DESCRIPTION
sss_usermod modifies the account specified by LOGIN to reflect the changes that are specified on the command line. OPTIONS
-c,--gecos COMMENT Any text string describing the user. Often used as the field for the user's full name. -h,--home HOME_DIR The home directory of the user account. -s,--shell SHELL The user's login shell. -a,--append-group GROUPS Append this user to groups specified by the GROUPS parameter. The GROUPS parameter is a comma separated list of group names. -r,--remove-group GROUPS Remove this user from groups specified by the GROUPS parameter. -l,--lock Lock the user account. The user won't be able to log in. -u,--unlock Unlock the user account. -Z,--selinux-user SELINUX_USER The SELinux user for the user's login. -?,--help Display help message and exit. THE LOCAL DOMAIN
In order to function correctly, a domain with "id_provider=local" must be created and the SSSD must be running. The administrator might want to use the SSSD local users instead of traditional UNIX users in cases where the group nesting (see sss_groupadd(8)) is needed. The local users are also useful for testing and development of the SSSD without having to deploy a full remote server. The sss_user* and sss_group* tools use a local LDB storage to store users and groups. SEE ALSO
sssd(8), sssd.conf(5), sssd-ldap(5), sssd-krb5(5), sssd-simple(5), sssd-ipa(5), sssd-ad(5), sssd-sudo(5),sss_cache(8), sss_debuglevel(8), sss_groupadd(8), sss_groupdel(8), sss_groupshow(8), sss_groupmod(8), sss_useradd(8), sss_userdel(8), sss_usermod(8), sss_obfuscate(8), sss_seed(8), sssd_krb5_locator_plugin(8), sss_ssh_authorizedkeys(8), sss_ssh_knownhostsproxy(8),pam_sss(8). AUTHORS
The SSSD upstream - http://fedorahosted.org/sssd SSSD
06/17/2014 SSS_USERMOD(8)
Man Page