SSSD−SESSION−RECOR - Online Linux Manual PageSection : 5
Updated : 01/26/2023
Source : SSSD
Note : File Formats and Conventions
NAMEsssd-session-recording − Configuring session recording with SSSD
DESCRIPTIONThis manual page describes how to configure sssd(8) to work with tlog-rec-session(8), a part of tlog package, to implement user session recording on text terminals. For a detailed configuration syntax reference, refer to the ‟FILE FORMAT” section of the sssd.conf(5) manual page. SSSD can be set up to enable recording of everything specific users see or type during their sessions on text terminals. E.g. when users log in on the console, or via SSH. SSSD itself doesn't record anything, but makes sure tlog−rec−session is started upon user login, so it can record according to its configuration. For users with session recording enabled, SSSD replaces the user shell with tlog−rec−session in NSS responses, and adds a variable specifying the original shell to the user environment, upon PAM session setup. This way tlog−rec−session can be started in place of the user shell, and know which actual shell to start, once it set up the recording.
CONFIGURATION OPTIONSThese options can be used to configure the session recording. scope (string) One of the following strings specifying the scope of session recording: "none" No users are recorded. "some" Users/groups specified by users and groups options are recorded. "all" All users are recorded. Default: "none" users (string) A comma−separated list of users which should have session recording enabled. Matches user names as returned by NSS. I.e. after the possible space replacement, case changes, etc. Default: Empty. Matches no users. groups (string) A comma−separated list of groups, members of which should have session recording enabled. Matches group names as returned by NSS. I.e. after the possible space replacement, case changes, etc. NOTE: using this option (having it set to anything) has a considerable performance cost, because each uncached request for a user requires retrieving and matching the groups the user is member of. Default: Empty. Matches no groups. exclude_users (string) A comma−separated list of users to be excluded from recording, only applicable with 'scope=all'. Default: Empty. No users excluded. exclude_groups (string) A comma−separated list of groups, members of which should be excluded from recording. Only applicable with 'scope=all'. NOTE: using this option (having it set to anything) has a considerable performance cost, because each uncached request for a user requires retrieving and matching the groups the user is member of. Default: Empty. No groups excluded.
EXAMPLEThe following snippet of sssd.conf enables session recording for users "contractor1" and "contractor2", and group "students". [session_recording]
scope = some
users = contractor1, contractor2
groups = students
SEE ALSOsssd(8), sssd.conf(5), sssd-ldap(5), sssd-krb5(5), sssd-simple(5), sssd-ipa(5), sssd-ad(5), sssd-files(5), sssd-sudo(5), sssd-session-recording(5), sss_cache(8), sss_debuglevel(8), sss_obfuscate(8), sss_seed(8), sssd_krb5_locator_plugin(8), sss_ssh_authorizedkeys(8), sss_ssh_knownhostsproxy(8), sssd-ifp(5), pam_sss(8). sss_rpcidmapd(5) sssd-systemtap(5)
AUTHORSThe SSSD upstream − https://github.com/SSSD/sssd/ 0
Johanes Gumabo
Data Size : 13,342 byte
man-sssd-session-recording.5Build : 2024-12-05, 20:55 :
Visitor Screen : x
Visitor Counter ( page / site ) : 2 / 228,305
Visitor ID : :
Visitor IP : 3.145.65.133 :
Visitor Provider : AMAZON-02 :
Provider Position ( lat x lon ) : 39.962500 x -83.006100 : x
Provider Accuracy Radius ( km ) : 1000 :
Provider City : Columbus :
Provider Province : Ohio , : ,
Provider Country : United States :
Provider Continent : North America :
Visitor Recorder : Version :
Visitor Recorder : Library :
Online Linux Manual Page : Version : Online Linux Manual Page - Fedora.40 - march=x86-64 - mtune=generic - 24.12.05
Online Linux Manual Page : Library : lib_c - 24.10.03 - march=x86-64 - mtune=generic - Fedora.40
Online Linux Manual Page : Library : lib_m - 24.10.03 - march=x86-64 - mtune=generic - Fedora.40
Data Base : Version : Online Linux Manual Page Database - 24.04.13 - march=x86-64 - mtune=generic - fedora-38
Data Base : Library : lib_c - 23.02.07 - march=x86-64 - mtune=generic - fedora.36
Very long time ago, I have the best tutor, Wenzel Svojanovsky . If someone knows the email address of Wenzel Svojanovsky , please send an email to johanes_gumabo@yahoo.co.id .
If error, please print screen and send to johanes_gumabo@yahoo.co.id
Under development. Support me via PayPal.