diff options
Diffstat (limited to 'docs/htmldocs/smbd.8.html')
-rw-r--r-- | docs/htmldocs/smbd.8.html | 376 |
1 files changed, 376 insertions, 0 deletions
diff --git a/docs/htmldocs/smbd.8.html b/docs/htmldocs/smbd.8.html new file mode 100644 index 0000000000..819fc39445 --- /dev/null +++ b/docs/htmldocs/smbd.8.html @@ -0,0 +1,376 @@ + + + + + +<html><head><title>smbd</title> + +<link rev="made" href="mailto:samba-bugs@samba.anu.edu.au"> +</head> +<body> + +<hr> + +<h1>smbd</h1> +<h2>Samba</h2> +<h2>23 Oct 1998</h2> + + + + +<p><br><a name="NAME"></a> +<h2>NAME</h2> + smbd - server to provide SMB/CIFS services to clients +<p><br><a name="SYNOPSIS"></a> +<h2>SYNOPSIS</h2> + +<p><br><strong>smbd</strong> [<a href="smbd.8.html#minusD">-D</a>] [<a href="smbd.8.html#minusa">-a</a>] [<a href="smbd.8.html#minuso">-o</a>] [<a href="smbd.8.html#minusd">-d debuglevel</a>] [<a href="smbd.8.html#minusl">-l log file</a>] [<a href="smbd.8.html#minusp">-p port number</a>] [<a href="smbd.8.html#minusO">-O socket options</a>] [<a href="smbd.8.html#minuss">-s configuration file</a>] [<a href="smbd.8.html#minusi">-i scope</a>] [<a href="smbd.8.html#minusP">-P</a>] [<a href="smbd.8.html#minush">-h</a>] +<p><br><a name="DESCRIPTION"></a> +<h2>DESCRIPTION</h2> + +<p><br>This program is part of the <strong>Samba</strong> suite. +<p><br><strong>smbd</strong> is the server daemon that provides filesharing services to +Windows clients. The server provides filespace and printer services to +clients using the SMB (or CIFS) protocol. This is compatible with the +LanManager protocol, and can service LanManager clients. These +include MSCLIENT 3.0 for DOS, Windows for Workgroups, Windows 95, +Windows NT, OS/2, DAVE for Macintosh, and smbfs for Linux. +<p><br>An extensive description of the services that the server can provide +is given in the man page for the configuration file controlling the +attributes of those services (see <strong>smb.conf (5)</strong>). This man page +will not describe the services, but will concentrate on the +administrative aspects of running the server. +<p><br>Please note that there are significant security implications to +running this server, and the <strong>smb.conf (5)</strong> manpage should be +regarded as mandatory reading before proceeding with installation. +<p><br>A session is created whenever a client requests one. Each client gets +a copy of the server for each session. This copy then services all +connections made by the client during that session. When all +connections from its client are are closed, the copy of the server for +that client terminates. +<p><br>The configuration file, and any files that it includes, are +automatically reloaded every minute, if they change. You can force a +reload by sending a SIGHUP to the server. Reloading the configuration +file will not affect connections to any service that is already +established. Either the user will have to disconnect from the +service, or smbd killed and restarted. +<p><br><a name="OPTIONS"></a> +<h2>OPTIONS</h2> + +<p><br><ul> +<p><br><a name="minusD"></a> +<li><strong><strong>-D</strong></strong> If specified, this parameter causes the server to operate as a +daemon. That is, it detaches itself and runs in the background, +fielding requests on the appropriate port. Operating the server as a +daemon is the recommended way of running smbd for servers that provide +more than casual use file and print services. +<p><br>By default, the server will NOT operate as a daemon. +<p><br><a name="minusa"></a> +<li><strong><strong>-a</strong></strong> If this parameter is specified, each new connection will +append log messages to the log file. This is the default. +<p><br><a name="minuso"></a> +<li><strong><strong>-o</strong></strong> If this parameter is specified, the log files will be +overwritten when opened. By default, the log files will be appended +to. +<p><br><a name="minusd"></a> +<li><strong><strong>-d debuglevel</strong></strong> debuglevel is an integer from 0 to 10. +<p><br>The default value if this parameter is not specified is zero. +<p><br>The higher this value, the more detail will be logged to the log files +about the activities of the server. At level 0, only critical errors +and serious warnings will be logged. Level 1 is a reasonable level for +day to day running - it generates a small amount of information about +operations carried out. +<p><br>Levels above 1 will generate considerable amounts of log data, and +should only be used when investigating a problem. Levels above 3 are +designed for use only by developers and generate HUGE amounts of log +data, most of which is extremely cryptic. +<p><br>Note that specifying this parameter here will override the <a href="smb.conf.5.html#loglevel"><strong>log +level</strong></a> parameter in the <a href="smb.conf.5.html"><strong>smb.conf +(5)</strong></a> file. +<p><br><a name="minusl"></a> +<li><strong><strong>-l log file</strong></strong> If specified, <em>log file</em> specifies +a log filename into which informational and debug messages from the +running server will be logged. The log file generated is never removed +by the server although its size may be controlled by the <a href="smb.conf.5.html#maxlogsize"><strong>max +log size</strong></a> option in the <a href="smb.conf.5.html"><strong>smb.conf +(5)</strong></a> file. The default log file name is specified +at compile time. +<p><br><a name="minusO"></a> +<li><strong><strong>-O socket options</strong></strong> See the <a href="smb.conf.5.html#socketoptions"><strong>socket +options</strong></a> parameter in the +<a href="smb.conf.5.html"><strong>smb.conf (5)</strong></a> file for details. +<p><br><a name="minusp"></a> +<li><strong><strong>-p port number</strong></strong> port number is a positive integer value. The +default value if this parameter is not specified is 139. +<p><br>This number is the port number that will be used when making +connections to the server from client software. The standard +(well-known) port number for the SMB over TCP is 139, hence the +default. If you wish to run the server as an ordinary user rather than +as root, most systems will require you to use a port number greater +than 1024 - ask your system administrator for help if you are in this +situation. +<p><br>In order for the server to be useful by most clients, should you +configure it on a port other than 139, you will require port +redirection services on port 139, details of which are outlined in +rfc1002.txt section 4.3.5. +<p><br>This parameter is not normally specified except in the above +situation. +<p><br><a name="minuss"></a> +<li><strong><strong>-s configuration file</strong></strong> The default configuration file name is +determined at compile time. +<p><br>The file specified contains the configuration details required by the +server. The information in this file includes server-specific +information such as what printcap file to use, as well as descriptions +of all the services that the server is to provide. See <strong>smb.conf +(5)</strong> for more information. +<p><br><a name="minusi"></a> +<li><strong><strong>-i scope</strong></strong> This specifies a NetBIOS scope that the server will use +to communicate with when generating NetBIOS names. For details on the +use of NetBIOS scopes, see rfc1001.txt and rfc1002.txt. NetBIOS scopes +are <em>very</em> rarely used, only set this parameter if you are the +system administrator in charge of all the NetBIOS systems you +communicate with. +<p><br><a name="minush"></a> +<li><strong><strong>-h</strong></strong> Prints the help information (usage) for smbd. +<p><br><a name="minusP"></a> +<li><strong><strong>-P</strong></strong> Passive option. Causes smbd not to send any network traffic +out. Used for debugging by the developers only. +<p><br></ul> +<p><br><a name="FILES"></a> +<h2>FILES</h2> + +<p><br><strong>/etc/inetd.conf</strong> +<p><br>If the server is to be run by the inetd meta-daemon, this file must +contain suitable startup information for the meta-daemon. See the +section <em>INSTALLATION</em> below. +<p><br><strong>/etc/rc</strong> +<p><br>(or whatever initialisation script your system uses). +<p><br>If running the server as a daemon at startup, this file will need to +contain an appropriate startup sequence for the server. See the +section <em>INSTALLATION</em> below. +<p><br><strong>/etc/services</strong> +<p><br>If running the server via the meta-daemon inetd, this file must +contain a mapping of service name (eg., netbios-ssn) to service port +(eg., 139) and protocol type (eg., tcp). See the section +<em>INSTALLATION</em> below. +<p><br><strong>/usr/local/samba/lib/smb.conf</strong> +<p><br>This is the default location of the <em>smb.conf</em> server configuration +file. Other common places that systems install this file are +<em>/usr/samba/lib/smb.conf</em> and <em>/etc/smb.conf</em>. +<p><br>This file describes all the services the server is to make available +to clients. See <strong>smb.conf (5)</strong> for more information. +<p><br><a name="LIMITATIONS"></a> +<h2>LIMITATIONS</h2> + +<p><br>On some systems <strong>smbd</strong> cannot change uid back to root after a +setuid() call. Such systems are called "trapdoor" uid systems. If you +have such a system, you will be unable to connect from a client (such +as a PC) as two different users at once. Attempts to connect the +second user will result in "access denied" or similar. +<p><br><a name="ENVIRONMENTVARIABLES"></a> +<h2>ENVIRONMENT VARIABLES</h2> + +<p><br><strong>PRINTER</strong> +<p><br>If no printer name is specified to printable services, most systems +will use the value of this variable (or "lp" if this variable is not +defined) as the name of the printer to use. This is not specific to +the server, however. +<p><br><a name="INSTALLATION"></a> +<h2>INSTALLATION</h2> + +<p><br>The location of the server and its support files is a matter for +individual system administrators. The following are thus suggestions +only. +<p><br>It is recommended that the server software be installed under the +/usr/local/samba hierarchy, in a directory readable by all, writeable +only by root. The server program itself should be executable by all, +as users may wish to run the server themselves (in which case it will +of course run with their privileges). The server should NOT be +setuid. On some systems it may be worthwhile to make smbd setgid to an +empty group. This is because some systems may have a security hole +where daemon processes that become a user can be attached to with a +debugger. Making the smbd file setgid to an empty group may prevent +this hole from being exploited. This security hole and the suggested +fix has only been confirmed on old versions (pre-kernel 2.0) of Linux +at the time this was written. It is possible that this hole only +exists in Linux, as testing on other systems has thus far shown them +to be immune. +<p><br>The server log files should be put in a directory readable and +writable only by root, as the log files may contain sensitive +information. +<p><br>The configuration file should be placed in a directory readable and +writable only by root, as the configuration file controls security for +the services offered by the server. The configuration file can be made +readable by all if desired, but this is not necessary for correct +operation of the server and is not recommended. A sample configuration +file "smb.conf.sample" is supplied with the source to the server - +this may be renamed to "smb.conf" and modified to suit your needs. +<p><br>The remaining notes will assume the following: +<p><br><ul> +<p><br><li > <strong>smbd</strong> (the server program) installed in /usr/local/samba/bin +<p><br><li > <strong>smb.conf</strong> (the configuration file) installed in /usr/local/samba/lib +<p><br><li > log files stored in /var/adm/smblogs +<p><br></ul> +<p><br>The server may be run either as a daemon by users or at startup, or it +may be run from a meta-daemon such as inetd upon request. If run as a +daemon, the server will always be ready, so starting sessions will be +faster. If run from a meta-daemon some memory will be saved and +utilities such as the tcpd TCP-wrapper may be used for extra security. +For serious use as file server it is recommended that <strong>smbd</strong> be run +as a daemon. +<p><br>When you've decided, continue with either <em>RUNNING THE SERVER AS A +DAEMON</em> or <em>RUNNING THE SERVER ON REQUEST</em>. +<p><br><a name="RUNNINGTHESERVERASADAEMON"></a> +<h2>RUNNING THE SERVER AS A DAEMON</h2> + +<p><br>To run the server as a daemon from the command line, simply put the +<a href="smbd.8.html#minusD"><strong>-D</strong></a> option on the command line. There is no need to place an +ampersand at the end of the command line - the <a href="smbd.8.html#minusD"><strong>-D</strong></a> option causes +the server to detach itself from the tty anyway. +<p><br>Any user can run the server as a daemon (execute permissions +permitting, of course). This is useful for testing purposes, and may +even be useful as a temporary substitute for something like ftp. When +run this way, however, the server will only have the privileges of the +user who ran it. +<p><br>To ensure that the server is run as a daemon whenever the machine is +started, and to ensure that it runs as root so that it can serve +multiple clients, you will need to modify the system startup +files. Wherever appropriate (for example, in /etc/rc), insert the +following line, substituting port number, log file location, +configuration file location and debug level as desired: +<p><br><code>/usr/local/samba/bin/smbd -D -l /var/adm/smblogs/log -s /usr/local/samba/lib/smb.conf</code> +<p><br>(The above should appear in your initialisation script as a single line. +Depending on your terminal characteristics, it may not appear that way in +this man page. If the above appears as more than one line, please treat any +newlines or indentation as a single space or TAB character.) +<p><br>If the options used at compile time are appropriate for your system, +all parameters except the desired debug level and <a href="smbd.8.html#minusD"><strong>-D</strong></a> may be +omitted. See the section <em>OPTIONS</em> above. +<p><br><a name="RUNNINGTHESERVERONREQUEST"></a> +<h2>RUNNING THE SERVER ON REQUEST</h2> + +<p><br>If your system uses a meta-daemon such as inetd, you can arrange to +have the smbd server started whenever a process attempts to connect to +it. This requires several changes to the startup files on the host +machine. If you are experimenting as an ordinary user rather than as +root, you will need the assistance of your system administrator to +modify the system files. +<p><br>You will probably want to set up the NetBIOS name server <a href="nmbd.8.html"><strong>nmbd</strong></a> at +the same time as <strong>smbd</strong>. To do this refer to the man page for +<a href="nmbd.8.html"><strong>nmbd (8)</strong></a>. +<p><br>First, ensure that a port is configured in the file /etc/services. The +well-known port 139 should be used if possible, though any port may be +used. +<p><br>Ensure that a line similar to the following is in /etc/services: +<p><br><code>netbios-ssn 139/tcp</code> +<p><br>Note for NIS/YP users - you may need to rebuild the NIS service maps +rather than alter your local /etc/services file. +<p><br>Next, put a suitable line in the file /etc/inetd.conf (in the unlikely +event that you are using a meta-daemon other than inetd, you are on +your own). Note that the first item in this line matches the service +name in /etc/services. Substitute appropriate values for your system +in this line (see <strong>inetd (8)</strong>): +<p><br><code>netbios-ssn stream tcp nowait root /usr/local/samba/bin/smbd -d1 -l/var/adm/smblogs/log -s/usr/local/samba/lib/smb.conf</code> +<p><br>(The above should appear in /etc/inetd.conf as a single +line. Depending on your terminal characteristics, it may not appear +that way in this man page. If the above appears as more than one +line, please treat any newlines or indentation as a single space or +TAB character.) +<p><br>Note that there is no need to specify a port number here, even if you +are using a non-standard port number. +<p><br>Lastly, edit the configuration file to provide suitable services. To +start with, the following two services should be all you need: +<p><br><pre> + + +[homes] + writable = yes + +[printers] + writable = no + printable = yes + path = /tmp + public = yes + + +</pre> + +<p><br>This will allow you to connect to your home directory and print to any +printer supported by the host (user privileges permitting). +<p><br><a name="TESTINGTHEINSTALLATION"></a> +<h2>TESTING THE INSTALLATION</h2> + +<p><br>If running the server as a daemon, execute it before proceeding. If +using a meta-daemon, either restart the system or kill and restart the +meta-daemon. Some versions of inetd will reread their configuration +tables if they receive a HUP signal. +<p><br>If your machine's name is "fred" and your name is "mary", you should +now be able to connect to the service <code>\\fred\mary</code>. +<p><br>To properly test and experiment with the server, we recommend using +the smbclient program (see <strong>smbclient (1)</strong>) and also going through +the steps outlined in the file <em>DIAGNOSIS.txt</em> in the <em>docs/</em> +directory of your Samba installation. +<p><br><a name="VERSION"></a> +<h2>VERSION</h2> + +<p><br>This man page is correct for version 2.0 of the Samba suite. +<p><br><a name="DIAGNOSTICS"></a> +<h2>DIAGNOSTICS</h2> + +<p><br>Most diagnostics issued by the server are logged in a specified log +file. The log file name is specified at compile time, but may be +overridden on the command line. +<p><br>The number and nature of diagnostics available depends on the debug +level used by the server. If you have problems, set the debug level to +3 and peruse the log files. +<p><br>Most messages are reasonably self-explanatory. Unfortunately, at time +of creation of this man page there are too many diagnostics available +in the source code to warrant describing each and every diagnostic. At +this stage your best bet is still to grep the source code and inspect +the conditions that gave rise to the diagnostics you are seeing. +<p><br><a name="SIGNALS"></a> +<h2>SIGNALS</h2> + +<p><br>Sending the smbd a SIGHUP will cause it to re-load its smb.conf +configuration file within a short period of time. +<p><br>To shut down a users smbd process it is recommended that SIGKILL (-9) +<em>NOT</em> be used, except as a last resort, as this may leave the shared +memory area in an inconsistant state. The safe way to terminate an +smbd is to send it a SIGTERM (-15) signal and wait for it to die on +its own. +<p><br>The debug log level of smbd may be raised +by sending it a SIGUSR1 <code>(kill -USR1 <smbd-pid>)</code> and lowered by +sending it a SIGUSR2 <code>(kill -USR2 <smbd-pid>)</code>. This is to allow +transient problems to be diagnosed, whilst still running at a normally +low log level. +<p><br>Note that as the signal handlers send a debug write, they are not +re-entrant in smbd. This you should wait until smbd is in a state of +waiting for an incoming smb before issuing them. It is possible to +make the signal handlers safe by un-blocking the signals before the +select call and re-blocking them after, however this would affect +performance. +<p><br><a name="SEEALSO"></a> +<h2>SEE ALSO</h2> + +<p><br><strong>hosts_access (5)</strong>, <strong>inetd (8)</strong>, <a href="nmbd.8.html"><strong>nmbd (8)</strong></a>, +<a href="smb.conf.5.html"><strong>smb.conf (5)</strong></a>, <a href="smbclient.1.html"><strong>smbclient +(1)</strong></a>, <a href="testparm.1.html"><strong>testparm (1)</strong></a>, +<a href="testprns.1.html"><strong>testprns (1)</strong></a>, and the Internet RFC's +<strong>rfc1001.txt</strong>, <strong>rfc1002.txt</strong>. In addition the CIFS (formerly SMB) +specification is available as a link from the Web page : +<a href="http://samba.anu.edu.au/cifs/">http://samba.anu.edu.au/cifs/</a>. +<p><br><a name="AUTHOR"></a> +<h2>AUTHOR</h2> + +<p><br>The original Samba software and related utilities were created by +Andrew Tridgell (samba-bugs@samba.anu.edu.au). Samba is now developed +by the Samba Team as an Open Source project similar to the way the +Linux kernel is developed. +<p><br>The original Samba man pages were written by Karl Auer. The man page +sources were converted to YODL format (another excellent piece of Open +Source software) and updated for the Samba2.0 release by Jeremy +Allison, <a href="mailto:samba-bugs@samba.anu.edu.au"><em>samba-bugs@samba.anu.edu.au</em></a>. +<p><br>See <a href="samba.7.html"><strong>samba (7)</strong></a> to find out how to get a full list of contributors +and details on how to submit bug reports, comments etc. +</body> +</html> |