summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--swat/README55
1 files changed, 48 insertions, 7 deletions
diff --git a/swat/README b/swat/README
index 1d2a15d196..65efba9b0a 100644
--- a/swat/README
+++ b/swat/README
@@ -17,10 +17,13 @@ would put these in:
/usr/local/samba/swat/images/*
/usr/local/samba/swat/help/*
+Running via inetd
+-----------------
+
You then need to edit your /etc/inetd.conf and /etc/services to enable
SWAT to be launched via inetd. Note that SWAT can also be launched via
-the cgi-bin mechanisms of a web server (such as apache) but that is
-not described here and has not been tested recently.
+the cgi-bin mechanisms of a web server (such as apache) and that is
+described below.
In /etc/services you need to add a line like this:
@@ -45,21 +48,59 @@ a HUP signal to inetd. On many systems "killall -1 inetd" will do this
on others you will need to use "kill -1 PID" where PID is the process
ID of the inetd daemon.
+
+Running via cgi-bin
+-------------------
+
+To run SWAT via your web servers cgi-bin capability you need to copy
+the swat binary to your cgi-bin directory. Note that you should run
+SWAT either via inetd or via cgi-bin but not both.
+
+Then you need to create a swat directory in your web servers root
+directory and copy the images/* and help/* files into there so that
+they are visible via the URL http://your.web.server/swat/
+
+Next you need to make sure you modify your web servers authentication
+to require a username/pssword for the URL
+http://your.web.server/cgi-bin/swat. Don't forgt this step! If you do
+forget it then you will be allowing anyone to edit your Samba
+configuration which would allow them to easily gain root access on your
+machine.
+
+After testing the authentication you need to change the ownership and
+permissions on the swat binary. It should be owned by root wth the
+setuid bit set. It should be ONLY executable by the user that the web
+server runs as. Make sure you do this carefully!
+
+for example, the following would be correct if the web server ran as
+group "nobody".
+
+-rws--x--- 1 root nobody
+
+You must also realise that this means that any user who can run
+programs as the "nobody" group can run swat and modify your Samba
+config. Be sure to think about this!
+
+
Launching
---------
To launch SWAT just run your favourite web browser and point it at
-http://localhost:901/
+http://localhost:901/ or http://localhost/cgi-bin/swat/ depending on
+how you installed it.
Note that you can attach to SWAT from any IP connected machine but
connecting from a remote machine leaves your connection open to
password sniffing as passwords will be sent in the clear over the
wire.
-You should be prompted for a username/password when you connect. You
-will need to provide the username "root" and the correct root
-password. More sophisticated authentication options are planned for
-future versions of SWAT.
+If installed via inetd then you should be prompted for a
+username/password when you connect. You will need to provide the
+username "root" and the correct root password. More sophisticated
+authentication options are planned for future versions of SWAT.
+
+If installed via cgi-bin then you should receive whatever
+authentication request you configured in your web server.
Running
-------