summaryrefslogtreecommitdiff
path: root/swat
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>1998-11-26 04:18:11 +0000
committerAndrew Tridgell <tridge@samba.org>1998-11-26 04:18:11 +0000
commit6ff1453ee119fe1120883429319023a29a9e6707 (patch)
treef828e9b1bc5500a36ef2104a9ae120f2050c2600 /swat
parentb20fc0046426bc6c6dfdeeef0cedcd975282576d (diff)
downloadsamba-6ff1453ee119fe1120883429319023a29a9e6707.tar.gz
samba-6ff1453ee119fe1120883429319023a29a9e6707.tar.bz2
samba-6ff1453ee119fe1120883429319023a29a9e6707.zip
updated SWAT README to remove cgi-bin instructions
(This used to be commit baa43fb17b04b7945456514e01682e5dca5dfe99)
Diffstat (limited to 'swat')
-rw-r--r--swat/README59
1 files changed, 5 insertions, 54 deletions
diff --git a/swat/README b/swat/README
index 2810e4e086..588ecef769 100644
--- a/swat/README
+++ b/swat/README
@@ -1,11 +1,6 @@
This is a brief description of how to install and use the Samba Web
Administration Tool on your machine.
-Please note that SWAT is still being developed so you should not
-expect it to be bug free. You should only install and use it if you
-want to either get a preview of what we are doing with SWAT or you
-want to help in the development of SWAT.
-
Installation
------------
@@ -21,9 +16,7 @@ Running via inetd
-----------------
You then need to edit your /etc/inetd.conf and /etc/services to enable
-SWAT to be launched via inetd. Note that SWAT can also be launched via
-the cgi-bin mechanisms of a web server (such as apache) and that is
-described below.
+SWAT to be launched via inetd.
In /etc/services you need to add a line like this:
@@ -38,69 +31,27 @@ In /etc/inetd.conf you should add a line like this:
swat stream tcp nowait.400 root /usr/local/samba/bin/swat swat
-If you just want to see a demo of how swat works and don't want to be
-able to actually change any Samba config via swat then you may chose
-to change "root" to some other user that does not have permission to
-write to smb.conf.
-
One you have edited /etc/services and /etc/inetd.conf you need to send
a HUP signal to inetd. On many systems "killall -1 inetd" will do this
on others you will need to use "kill -1 PID" where PID is the process
ID of the inetd daemon.
-Running via cgi-bin
--------------------
-
-To run SWAT via your web servers cgi-bin capability you need to copy
-the swat binary to your cgi-bin directory. Note that you should run
-SWAT either via inetd or via cgi-bin but not both.
-
-Then you need to create a swat directory in your web servers root
-directory and copy the images/* and help/* files into there so that
-they are visible via the URL http://your.web.server/swat/
-
-Next you need to make sure you modify your web servers authentication
-to require a username/pssword for the URL
-http://your.web.server/cgi-bin/swat. Don't forgt this step! If you do
-forget it then you will be allowing anyone to edit your Samba
-configuration which would allow them to easily gain root access on your
-machine.
-
-After testing the authentication you need to change the ownership and
-permissions on the swat binary. It should be owned by root wth the
-setuid bit set. It should be ONLY executable by the user that the web
-server runs as. Make sure you do this carefully!
-
-for example, the following would be correct if the web server ran as
-group "nobody".
-
--rws--x--- 1 root nobody
-
-You must also realise that this means that any user who can run
-programs as the "nobody" group can run swat and modify your Samba
-config. Be sure to think about this!
-
Launching
---------
To launch SWAT just run your favourite web browser and point it at
-http://localhost:901/ or http://localhost/cgi-bin/swat/ depending on
-how you installed it.
+http://localhost:901/
Note that you can attach to SWAT from any IP connected machine but
connecting from a remote machine leaves your connection open to
password sniffing as passwords will be sent in the clear over the
wire.
-If installed via inetd then you should be prompted for a
-username/password when you connect. You will need to provide the
-username "root" and the correct root password. More sophisticated
-authentication options are planned for future versions of SWAT.
-
-If installed via cgi-bin then you should receive whatever
-authentication request you configured in your web server.
+You should be prompted for a username/password when you connect. You
+will need to provide the username "root" and the correct root
+password.
Running
-------