The files provider mirrors the content of the passwd(5) and group(5) files. The purpose of the files provider is to make the users and groups traditionally only accessible with NSS interfaces also available through the SSSD interfaces such as sssd-ifp(5).
Another reason is to provide efficient caching of local users and groups.
Please note that some distributions enable the files domain automatically, prepending the domain before any explicitly configured domains. See enable_files_domain in sssd.conf(5).
SSSD never handles resolution of user/group "root". Also resolution of UID/GID 0 is not handled by SSSD. Such requests are passed to next NSS module (usually files).
In addition to the options listed below, generic SSSD domain options can be set where applicable. Refer to the section "DOMAIN SECTIONS" of the sssd.conf(5) manual page for details on the configuration of an SSSD domain. But the purpose of the files provider is to expose the same data as the UNIX files, just through the SSSD interfaces. Therefore not all generic domain options are supported. Likewise, some global options, such as overriding the shell in the "nss" section for all domains has no effect on the files domain unless explicitly specified per-domain.
The following example assumes that SSSD is correctly configured and files is one of the domains in the [sssd] section.
[domain/files] id_provider = files
To leverage caching of local users and groups by SSSD nss_sss module must be listed before nss_files module in /etc/nsswitch.conf.
passwd: sss files group: sss files
sssd(8), sssd.conf(5), sssd-ldap(5), sssd-krb5(5), sssd-simple(5), sssd-ipa(5), sssd-ad(5), sssd-files(5), sssd-sudo(5), sssd-session-recording(5), sss_cache(8), sss_debuglevel(8), sss_obfuscate(8), sss_seed(8), sssd_krb5_locator_plugin(8), sss_ssh_authorizedkeys(8), sss_ssh_knownhostsproxy(8), sssd-ifp(5), pam_sss(8). sss_rpcidmapd(5) sssd-systemtap(5)
The SSSD upstream - https://pagure.io/SSSD/sssd/