summaryrefslogtreecommitdiff
path: root/docs/htmldocs/smbd.8.html
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2002-01-24 17:04:30 +0000
committerGerald Carter <jerry@samba.org>2002-01-24 17:04:30 +0000
commitca12d82eaf4c6bd498208a246ca8a1ca9f47c58b (patch)
tree5a00ce53ab16332f0c8501564d7e9dee187f145d /docs/htmldocs/smbd.8.html
parentdfed852520e3f7412576cb246198780d0993e7ea (diff)
downloadsamba-ca12d82eaf4c6bd498208a246ca8a1ca9f47c58b.tar.gz
samba-ca12d82eaf4c6bd498208a246ca8a1ca9f47c58b.tar.bz2
samba-ca12d82eaf4c6bd498208a246ca8a1ca9f47c58b.zip
merge from 2.2
(This used to be commit 2137c7163475691056fe1701b75128e238520b05)
Diffstat (limited to 'docs/htmldocs/smbd.8.html')
-rw-r--r--docs/htmldocs/smbd.8.html409
1 files changed, 26 insertions, 383 deletions
diff --git a/docs/htmldocs/smbd.8.html b/docs/htmldocs/smbd.8.html
index bfd3440d7b..72fc10e2e4 100644
--- a/docs/htmldocs/smbd.8.html
+++ b/docs/htmldocs/smbd.8.html
@@ -376,7 +376,12 @@ CLASS="COMMAND"
>inetd</B
> meta-daemon, this file
must contain suitable startup information for the
- meta-daemon. See the section INSTALLATION below.
+ meta-daemon. See the <A
+HREF="UNIX_INSTALL.html"
+TARGET="_top"
+>UNIX_INSTALL.html</A
+>
+ document for details.
</P
></DD
><DT
@@ -391,8 +396,12 @@ CLASS="FILENAME"
><P
>If running the server as a daemon at startup,
this file will need to contain an appropriate startup
- sequence for the server. See the section INSTALLATION
- below.</P
+ sequence for the server. See the <A
+HREF="UNIX_INSTALL.html"
+TARGET="_top"
+>UNIX_INSTALL.html</A
+>
+ document for details.</P
></DD
><DT
><TT
@@ -408,7 +417,12 @@ CLASS="COMMAND"
>, this file
must contain a mapping of service name (e.g., netbios-ssn)
to service port (e.g., 139) and protocol type (e.g., tcp).
- See the section INSTALLATION below.</P
+ See the <A
+HREF="UNIX_INSTALL.html"
+TARGET="_top"
+>UNIX_INSTALL.html</A
+>
+ document for details.</P
></DD
><DT
><TT
@@ -452,7 +466,7 @@ CLASS="FILENAME"
><DIV
CLASS="REFSECT1"
><A
-NAME="AEN153"
+NAME="AEN156"
></A
><H2
>LIMITATIONS</H2
@@ -471,7 +485,7 @@ CLASS="COMMAND"
><DIV
CLASS="REFSECT1"
><A
-NAME="AEN157"
+NAME="AEN160"
></A
><H2
>ENVIRONMENT VARIABLES</H2
@@ -502,320 +516,7 @@ CLASS="CONSTANT"
><DIV
CLASS="REFSECT1"
><A
-NAME="AEN166"
-></A
-><H2
->INSTALLATION</H2
-><P
->The location of the server and its support files
- is a matter for individual system administrators. The following
- are thus suggestions only.</P
-><P
->It is recommended that the server software be installed
- under the <TT
-CLASS="FILENAME"
->/usr/local/samba/</TT
-> hierarchy,
- in a directory readable by all, writeable only by root. The server
- program itself should be executable by all, as users may wish to
- run the server themselves (in which case it will of course run
- with their privileges). The server should NOT be setuid. On some
- systems it may be worthwhile to make <B
-CLASS="COMMAND"
->smbd</B
-> setgid to an empty group.
- This is because some systems may have a security hole where daemon
- processes that become a user can be attached to with a debugger.
- Making the <B
-CLASS="COMMAND"
->smbd</B
-> file setgid to an empty group may prevent
- this hole from being exploited. This security hole and the suggested
- fix has only been confirmed on old versions (pre-kernel 2.0) of Linux
- at the time this was written. It is possible that this hole only
- exists in Linux, as testing on other systems has thus far shown them
- to be immune.</P
-><P
->The server log files should be put in a directory readable and
- writeable only by root, as the log files may contain sensitive
- information.</P
-><P
->The configuration file should be placed in a directory
- readable and writeable only by root, as the configuration file
- controls security for the services offered by the server. The
- configuration file can be made readable by all if desired, but
- this is not necessary for correct operation of the server and is
- not recommended. A sample configuration file <TT
-CLASS="FILENAME"
->smb.conf.sample
- </TT
-> is supplied with the source to the server - this may
- be renamed to <TT
-CLASS="FILENAME"
->smb.conf</TT
-> and modified to suit
- your needs.</P
-><P
->The remaining notes will assume the following:</P
-><P
-></P
-><UL
-><LI
-><P
-><B
-CLASS="COMMAND"
->smbd</B
-> (the server program)
- installed in <TT
-CLASS="FILENAME"
->/usr/local/samba/bin</TT
-></P
-></LI
-><LI
-><P
-><TT
-CLASS="FILENAME"
->smb.conf</TT
-> (the configuration
- file) installed in <TT
-CLASS="FILENAME"
->/usr/local/samba/lib</TT
-></P
-></LI
-><LI
-><P
->log files stored in <TT
-CLASS="FILENAME"
->/var/adm/smblogs
- </TT
-></P
-></LI
-></UL
-><P
->The server may be run either as a daemon by users
- or at startup, or it may be run from a meta-daemon such as
- <B
-CLASS="COMMAND"
->inetd</B
-> upon request. If run as a daemon,
- the server will always be ready, so starting sessions will be
- faster. If run from a meta-daemon some memory will be saved and
- utilities such as the tcpd TCP-wrapper may be used for extra
- security. For serious use as file server it is recommended
- that <B
-CLASS="COMMAND"
->smbd</B
-> be run as a daemon.</P
-><P
->When you've decided, continue with either</P
-><P
-></P
-><UL
-><LI
-><P
->RUNNING THE SERVER AS A DAEMON or</P
-></LI
-><LI
-><P
->RUNNING THE SERVER ON REQUEST.</P
-></LI
-></UL
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN199"
-></A
-><H2
->RUNNING THE SERVER AS A DAEMON</H2
-><P
->To run the server as a daemon from the command
- line, simply put the <EM
->-D</EM
-> option on the
- command line. There is no need to place an ampersand at
- the end of the command line - the <EM
->-D</EM
->
- option causes the server to detach itself from the tty
- anyway.</P
-><P
->Any user can run the server as a daemon (execute
- permissions permitting, of course). This is useful for
- testing purposes, and may even be useful as a temporary
- substitute for something like ftp. When run this way, however,
- the server will only have the privileges of the user who ran
- it.</P
-><P
->To ensure that the server is run as a daemon whenever
- the machine is started, and to ensure that it runs as root
- so that it can serve multiple clients, you will need to modify
- the system startup files. Wherever appropriate (for example, in
- <TT
-CLASS="FILENAME"
->/etc/rc</TT
->), insert the following line,
- substituting port number, log file location, configuration file
- location and debug level as desired:</P
-><P
-><B
-CLASS="COMMAND"
->/usr/local/samba/bin/smbd -D -l /var/adm/smblogs/log
- -s /usr/local/samba/lib/smb.conf</B
-></P
-><P
->(The above should appear in your initialization script
- as a single line. Depending on your terminal characteristics,
- it may not appear that way in this man page. If the above appears
- as more than one line, please treat any newlines or indentation
- as a single space or TAB character.)</P
-><P
->If the options used at compile time are appropriate for
- your system, all parameters except <EM
->-D</EM
-> may
- be omitted. See the section OPTIONS above.</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN212"
-></A
-><H2
->RUNNING THE SERVER ON REQUEST</H2
-><P
->If your system uses a meta-daemon such as <B
-CLASS="COMMAND"
->inetd
- </B
->, you can arrange to have the <B
-CLASS="COMMAND"
->smbd</B
-> server started
- whenever a process attempts to connect to it. This requires several
- changes to the startup files on the host machine. If you are
- experimenting as an ordinary user rather than as root, you will
- need the assistance of your system administrator to modify the
- system files.</P
-><P
->You will probably want to set up the NetBIOS name server
- <A
-HREF="nmbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->nmbd</B
-></A
-> at
- the same time as <B
-CLASS="COMMAND"
->smbd</B
->. To do this refer to the
- man page for <A
-HREF="nmbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->nmbd(8)</B
->
- </A
->.</P
-><P
->First, ensure that a port is configured in the file
- <TT
-CLASS="FILENAME"
->/etc/services</TT
->. The well-known port 139
- should be used if possible, though any port may be used.</P
-><P
->Ensure that a line similar to the following is in
- <TT
-CLASS="FILENAME"
->/etc/services</TT
->:</P
-><P
-><B
-CLASS="COMMAND"
->netbios-ssn 139/tcp</B
-></P
-><P
->Note for NIS/YP users - you may need to rebuild the
- NIS service maps rather than alter your local <TT
-CLASS="FILENAME"
->/etc/services
- </TT
-> file.</P
-><P
->Next, put a suitable line in the file <TT
-CLASS="FILENAME"
->/etc/inetd.conf
- </TT
-> (in the unlikely event that you are using a meta-daemon
- other than inetd, you are on your own). Note that the first item
- in this line matches the service name in <TT
-CLASS="FILENAME"
->/etc/services
- </TT
->. Substitute appropriate values for your system
- in this line (see <B
-CLASS="COMMAND"
->inetd(8)</B
->):</P
-><P
-><B
-CLASS="COMMAND"
->netbios-ssn stream tcp nowait root /usr/local/samba/bin/smbd
- -d1 -l/var/adm/smblogs/log -s/usr/local/samba/lib/smb.conf</B
-></P
-><P
->(The above should appear in <TT
-CLASS="FILENAME"
->/etc/inetd.conf</TT
->
- as a single line. Depending on your terminal characteristics, it may
- not appear that way in this man page. If the above appears as more
- than one line, please treat any newlines or indentation as a single
- space or TAB character.)</P
-><P
->Note that there is no need to specify a port number here,
- even if you are using a non-standard port number.</P
-><P
->Lastly, edit the configuration file to provide suitable
- services. To start with, the following two services should be
- all you need:</P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="SCREEN"
-> <TT
-CLASS="COMPUTEROUTPUT"
-> [homes]
- writeable = yes
-
- [printers]
- writeable = no
- printable = yes
- path = /tmp
- public = yes
- </TT
->
- </PRE
-></TD
-></TR
-></TABLE
-><P
->This will allow you to connect to your home directory
- and print to any printer supported by the host (user privileges
- permitting).</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN244"
+NAME="AEN169"
></A
><H2
>PAM INTERACTION</H2
@@ -860,65 +561,7 @@ TARGET="_top"
><DIV
CLASS="REFSECT1"
><A
-NAME="AEN255"
-></A
-><H2
->TESTING THE INSTALLATION</H2
-><P
->If running the server as a daemon, execute it before
- proceeding. If using a meta-daemon, either restart the system
- or kill and restart the meta-daemon. Some versions of
- <B
-CLASS="COMMAND"
->inetd</B
-> will reread their configuration
- tables if they receive a HUP signal.</P
-><P
->If your machine's name is <TT
-CLASS="REPLACEABLE"
-><I
->fred</I
-></TT
-> and your
- name is <TT
-CLASS="REPLACEABLE"
-><I
->mary</I
-></TT
->, you should now be able to connect
- to the service <TT
-CLASS="FILENAME"
->\\fred\mary</TT
->.
- </P
-><P
->To properly test and experiment with the server, we
- recommend using the <B
-CLASS="COMMAND"
->smbclient</B
-> program (see
- <A
-HREF="smbclient.1.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbclient(1)</B
-></A
->)
- and also going through the steps outlined in the file
- <TT
-CLASS="FILENAME"
->DIAGNOSIS.txt</TT
-> in the <TT
-CLASS="FILENAME"
->docs/</TT
->
- directory of your Samba installation.</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN269"
+NAME="AEN180"
></A
><H2
>VERSION</H2
@@ -929,7 +572,7 @@ NAME="AEN269"
><DIV
CLASS="REFSECT1"
><A
-NAME="AEN272"
+NAME="AEN183"
></A
><H2
>DIAGNOSTICS</H2
@@ -952,7 +595,7 @@ NAME="AEN272"
><DIV
CLASS="REFSECT1"
><A
-NAME="AEN277"
+NAME="AEN188"
></A
><H2
>SIGNALS</H2
@@ -1017,7 +660,7 @@ CLASS="COMMAND"
><DIV
CLASS="REFSECT1"
><A
-NAME="AEN294"
+NAME="AEN205"
></A
><H2
>SEE ALSO</H2
@@ -1083,7 +726,7 @@ TARGET="_top"
><DIV
CLASS="REFSECT1"
><A
-NAME="AEN311"
+NAME="AEN222"
></A
><H2
>AUTHOR</H2