src/man/sssd-ifp.5.xml

	sssd-ifp.5.xml revision 770dc892f867639f36f84455d65be6287935a529
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozek<?xml version="1.0" encoding="UTF-8"?>
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozek<!DOCTYPE reference PUBLIC "-//OASIS//DTD DocBook V4.4//EN"
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozek"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozek<reference>
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozek<title>SSSD Manual pages</title>
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozek<refentry>
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozek    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/upstream.xml" />
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozek
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozek    <refmeta>
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozek        <refentrytitle>sssd-ifp</refentrytitle>
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozek        <manvolnum>5</manvolnum>
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozek        <refmiscinfo class="manual">File Formats and Conventions</refmiscinfo>
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozek    </refmeta>
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozek
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozek    <refnamediv id='name'>
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozek        <refname>sssd-ifp</refname>
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozek        <refpurpose>SSSD InfoPipe responder</refpurpose>
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozek    </refnamediv>
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozek
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozek    <refsect1 id='description'>
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozek        <title>DESCRIPTION</title>
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozek        <para>
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozek            This manual page describes the configuration of the InfoPipe responder
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozek            for
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozek            <citerefentry>
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozek                <refentrytitle>sssd</refentrytitle>
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozek                <manvolnum>8</manvolnum>
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozek            </citerefentry>.
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozek            For a detailed syntax reference, refer to the <quote>FILE FORMAT</quote> section of the
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozek            <citerefentry>
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozek                <refentrytitle>sssd.conf</refentrytitle>
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozek                <manvolnum>5</manvolnum>
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozek            </citerefentry> manual page.
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozek        </para>
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozek        <para>
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozek            The InfoPipe responder provides a public D-Bus interface
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozek            accessible over the system bus. The interface allows the user
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozek            to query information about remote users and groups over the
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozek            system bus.
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozek        </para>
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozek    </refsect1>
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozek
3660f49f81e4db07be66fe0887af9d62065f1f2cJakub Hrozek    <refsect1 id='configuration-options'>
3660f49f81e4db07be66fe0887af9d62065f1f2cJakub Hrozek        <title>CONFIGURATION OPTIONS</title>
3660f49f81e4db07be66fe0887af9d62065f1f2cJakub Hrozek            <para>
3660f49f81e4db07be66fe0887af9d62065f1f2cJakub Hrozek                These options can be used to configure the InfoPipe responder.
3660f49f81e4db07be66fe0887af9d62065f1f2cJakub Hrozek            </para>
3660f49f81e4db07be66fe0887af9d62065f1f2cJakub Hrozek            <variablelist>
3660f49f81e4db07be66fe0887af9d62065f1f2cJakub Hrozek                <varlistentry>
3660f49f81e4db07be66fe0887af9d62065f1f2cJakub Hrozek                    <term>allowed_uids (string)</term>
3660f49f81e4db07be66fe0887af9d62065f1f2cJakub Hrozek                    <listitem>
3660f49f81e4db07be66fe0887af9d62065f1f2cJakub Hrozek                        <para>
3660f49f81e4db07be66fe0887af9d62065f1f2cJakub Hrozek                            Specifies the comma-separated list of UID values or
3660f49f81e4db07be66fe0887af9d62065f1f2cJakub Hrozek                            user names that are allowed to access the InfoPipe
3660f49f81e4db07be66fe0887af9d62065f1f2cJakub Hrozek                            responder. User names are resolved to UIDs at
3660f49f81e4db07be66fe0887af9d62065f1f2cJakub Hrozek                            startup.
3660f49f81e4db07be66fe0887af9d62065f1f2cJakub Hrozek                        </para>
3660f49f81e4db07be66fe0887af9d62065f1f2cJakub Hrozek                        <para>
3660f49f81e4db07be66fe0887af9d62065f1f2cJakub Hrozek                            Default: 0 (only the root user is allowed to access
3660f49f81e4db07be66fe0887af9d62065f1f2cJakub Hrozek                            the InfoPipe responder)
3660f49f81e4db07be66fe0887af9d62065f1f2cJakub Hrozek                        </para>
3660f49f81e4db07be66fe0887af9d62065f1f2cJakub Hrozek                        <para>
3660f49f81e4db07be66fe0887af9d62065f1f2cJakub Hrozek                            Please note that although the UID 0 is used as the
3660f49f81e4db07be66fe0887af9d62065f1f2cJakub Hrozek                            default it will be overwritten with this option. If
3660f49f81e4db07be66fe0887af9d62065f1f2cJakub Hrozek                            you still want to allow the root user to access the
3660f49f81e4db07be66fe0887af9d62065f1f2cJakub Hrozek                            InfoPipe responder, which would be the typical
3660f49f81e4db07be66fe0887af9d62065f1f2cJakub Hrozek                            case, you have to add 0 to the list of allowed UIDs
3660f49f81e4db07be66fe0887af9d62065f1f2cJakub Hrozek                            as well.
3660f49f81e4db07be66fe0887af9d62065f1f2cJakub Hrozek                        </para>
3660f49f81e4db07be66fe0887af9d62065f1f2cJakub Hrozek                    </listitem>
3660f49f81e4db07be66fe0887af9d62065f1f2cJakub Hrozek                </varlistentry>
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                <varlistentry>
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                    <term>user_attributes (string)</term>
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                    <listitem>
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                        <para>
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                            Specifies the comma-separated list of white
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                            or blacklisted attributes.
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                        </para>
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                        <para>
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                            By default, the InfoPipe responder only
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                            allows the default set of POSIX attributes to
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                            be requested. This set is the same as returned by
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                            <citerefentry>
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                                <refentrytitle>getpwnam</refentrytitle>
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                                <manvolnum>3</manvolnum>
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                            </citerefentry>
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                            and includes:
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                            <variablelist>
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                                <varlistentry>
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                                    <term>name</term>
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                                    <listitem><para>user's login name</para></listitem>
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                                </varlistentry>
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                                <varlistentry>
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                                    <term>uidNumber</term>
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                                    <listitem><para>user ID</para></listitem>
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                                </varlistentry>
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                                <varlistentry>
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                                    <term>gidNumber</term>
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                                    <listitem><para>primary group ID</para></listitem>
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                                </varlistentry>
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                                <varlistentry>
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                                    <term>gecos</term>
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                                    <listitem><para>user information, typically full name</para></listitem>
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                                </varlistentry>
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                                <varlistentry>
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                                    <term>homeDirectory</term>
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                                    <listitem><para>home directory</para></listitem>
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                                </varlistentry>
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                                <varlistentry>
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                                    <term>loginShell</term>
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                                    <listitem><para>user shell</para></listitem>
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                                </varlistentry>
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                            </variablelist>
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                        </para>
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                        <para>
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                            It is possible to add another attribute to
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                            this set by using <quote>+attr_name</quote>
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                            or explicitly remove an attribute using
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                            <quote>-attr_name</quote>. For example, to
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                            allow <quote>telephoneNumber</quote> but deny
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                            <quote>loginShell</quote>, you would use the
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                            following configuration:
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                        <programlisting>
770dc892f867639f36f84455d65be6287935a529Jakub Hrozekuser_attributes = +telephoneNumber, -loginShell
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                        </programlisting>
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                        </para>
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                        <para>
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                            Default: not set. Only the default set of
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                            POSIX attributes is allowed.
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                        </para>
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                    </listitem>
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek                </varlistentry>
3660f49f81e4db07be66fe0887af9d62065f1f2cJakub Hrozek            </variablelist>
3660f49f81e4db07be66fe0887af9d62065f1f2cJakub Hrozek    </refsect1>
3660f49f81e4db07be66fe0887af9d62065f1f2cJakub Hrozek
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozek    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/seealso.xml" />
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozek
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozek</refentry>
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozek</reference>