diff options
Diffstat (limited to 'docs/htmldocs/swat.8.html')
-rw-r--r-- | docs/htmldocs/swat.8.html | 196 |
1 files changed, 196 insertions, 0 deletions
diff --git a/docs/htmldocs/swat.8.html b/docs/htmldocs/swat.8.html new file mode 100644 index 0000000000..4a2eeec3d5 --- /dev/null +++ b/docs/htmldocs/swat.8.html @@ -0,0 +1,196 @@ + + + + + +<html><head><title>swat</title> + +<link rev="made" href="mailto:samba-bugs@samba.anu.edu.au"> +</head> +<body> + +<hr> + +<h1>swat</h1> +<h2>Samba</h2> +<h2>23 Oct 1998</h2> + + + + +<p><br><a name="NAME"></a> +<h2>NAME</h2> + swat - swat - Samba Web Administration Tool +<p><br><a name="SYNOPSIS"></a> +<h2>SYNOPSIS</h2> + +<p><br><strong>swat</strong> [<a href="swat.8.html#minuss">-s smb config file</a>] [<a href="swat.8.html#minusa">-a</a>] +<p><br><a name="DESCRIPTION"></a> +<h2>DESCRIPTION</h2> + +<p><br>This program is part of the <strong>Samba</strong> suite. +<p><br><strong>swat</strong> allows a Samba administrator to configure the complex +<a href="smb.conf.5.html"><strong>smb.conf</strong></a> file via a Web browser. In +addition, a swat configuration page has help links to all the +configurable options in the <a href="smb.conf.5.html"><strong>smb.conf</strong></a> file +allowing an administrator to easily look up the effects of any change. +<p><br><strong>swat</strong> can be run as a stand-alone daemon, from <strong>inetd</strong>, +or invoked via CGI from a Web server. +<p><br><a name="OPTIONS"></a> +<h2>OPTIONS</h2> + +<p><br><ul> +<p><br><a name="minuss"></a> +<li><strong><strong>-s smb configuration file</strong></strong> The default configuration file path is +determined at compile time. +<p><br>The file specified contains the configuration details required by the +<a href="smbd.8.html"><strong>smbd</strong></a> server. This is the file that <strong>swat</strong> will +modify. The information in this file includes server-specific +information such as what printcap file to use, as well as descriptions +of all the services that the server is to provide. See <a href="smb.conf.5.html">smb.conf +(5)</a> for more information. +<p><br><a name="minusa"></a> +<li><strong><strong>-a</strong></strong> +<p><br>This option is only used if <strong>swat</strong> is running as it's own mini-web +server (see the <a href="swat.8.html#INSTALLATION"><strong>INSTALLATION</strong></a> section below). +<p><br>This option removes the need for authentication needed to modify the +<a href="smb.conf.5.html"><strong>smb.conf</strong></a> file. <em>**THIS IS ONLY MEANT FOR +DEMOING SWAT AND MUST NOT BE SET IN NORMAL SYSTEMS**</em> as it would +allow <em>*ANYONE*</em> to modify the <a href="smb.conf.5.html"><strong>smb.conf</strong></a> +file, thus giving them root access. +<p><br></ul> +<p><br><a name="INSTALLATION"></a> +<h2>INSTALLATION</h2> + +<p><br>After you compile SWAT you need to run <code>"make install"</code> to install the +swat binary and the various help files and images. A default install +would put these in: +<p><br><pre> + +/usr/local/samba/bin/swat +/usr/local/samba/swat/images/* +/usr/local/samba/swat/help/* + +</pre> + +<p><br><a name="RUNNINGVIAINETD"></a> +<h2>RUNNING VIA INETD</h2> + +<p><br>You need to edit your <code>/etc/inetd.conf</code> and <code>/etc/services</code> to +enable <strong>SWAT</strong> to be launched via inetd. Note that <strong>swat</strong> can also +be launched via the cgi-bin mechanisms of a web server (such as +apache) and that is described below in the section <a href="swat.8.html#RUNNINGVIACGIBIN"><strong>RUNNING VIA +CGI-BIN</strong></a>. +<p><br>In <code>/etc/services</code> you need to add a line like this: +<p><br><code>swat 901/tcp</code> +<p><br>Note for NIS/YP users - you may need to rebuild the NIS service maps +rather than alter your local <code>/etc/services</code> file. +<p><br>the choice of port number isn't really important except that it should +be less than 1024 and not currently used (using a number above 1024 +presents an obscure security hole depending on the implementation +details of your <strong>inetd</strong> daemon). +<p><br>In <code>/etc/inetd.conf</code> you should add a line like this: +<p><br><code>swat stream tcp nowait.400 root /usr/local/samba/bin/swat swat</code> +<p><br>If you just want to see a demo of how swat works and don't want to be +able to actually change any Samba config via swat then you may chose +to change <code>"root"</code> to some other user that does not have permission +to write to <a href="smb.conf.5.html"><strong>smb.conf</strong></a>. +<p><br>One you have edited <code>/etc/services</code> and <code>/etc/inetd.conf</code> you need +to send a HUP signal to inetd. To do this use <code>"kill -1 PID"</code> where +PID is the process ID of the inetd daemon. +<p><br><a name="RUNNINGVIACGIBIN"></a> +<h2>RUNNING VIA CGI-BIN</h2> + +<p><br>To run <strong>swat</strong> via your web servers cgi-bin capability you need to +copy the <strong>swat</strong> binary to your cgi-bin directory. Note that you +should run <strong>swat</strong> either via <a href="swat.8.html#RUNNINGVIAINETD"><strong>inetd</strong></a> or via +cgi-bin but not both. +<p><br>Then you need to create a <code>swat/</code> directory in your web servers root +directory and copy the <code>images/*</code> and <code>help/*</code> files found in the +<code>swat/</code> directory of your Samba source distribution into there so +that they are visible via the URL <code>http://your.web.server/swat/</code> +<p><br>Next you need to make sure you modify your web servers authentication +to require a username/pssword for the URL +<code>http://your.web.server/cgi-bin/swat</code>. <em>**Don't forget this +step!**</em> If you do forget it then you will be allowing anyone to edit +your Samba configuration which would allow them to easily gain root +access on your machine. +<p><br>After testing the authentication you need to change the ownership and +permissions on the <strong>swat</strong> binary. It should be owned by root wth the +setuid bit set. It should be ONLY executable by the user that the web +server runs as. Make sure you do this carefully! +<p><br>for example, the following would be correct if the web server ran as +group <code>"nobody"</code>. +<p><br><code>-rws--x--- 1 root nobody </code> +<p><br>You must also realise that this means that any user who can run +programs as the <code>"nobody"</code> group can run <strong>swat</strong> and modify your +Samba config. Be sure to think about this! +<p><br><a name="LAUNCHING"></a> +<h2>LAUNCHING</h2> + +<p><br>To launch <strong>swat</strong> just run your favourite web browser and point it at +<code>http://localhost:901/</code> or <code>http://localhost/cgi-bin/swat/</code> +depending on how you installed it. +<p><br>Note that you can attach to <strong>swat</strong> from any IP connected machine but +connecting from a remote machine leaves your connection open to +password sniffing as passwords will be sent in the clear over the +wire. +<p><br>If installed via <strong>inetd</strong> then you should be prompted for a +username/password when you connect. You will need to provide the +username <code>"root"</code> and the correct root password. More sophisticated +authentication options are planned for future versions of <strong>swat</strong>. +<p><br>If installed via cgi-bin then you should receive whatever +authentication request you configured in your web server. +<p><br><h2>FILES</h2> + +<p><br><strong>/etc/inetd.conf</strong> +<p><br>If the server is to be run by the inetd meta-daemon, this file must +contain suitable startup information for the meta-daemon. See the +section <a href="swat.8.html#RUNNINGVIAINETD"><strong>RUNNING VIA INETD</strong></a> above. +<p><br><strong>/etc/services</strong> +<p><br>If running the server via the meta-daemon inetd, this file must +contain a mapping of service name (eg., swat) to service port +(eg., 901) and protocol type (eg., tcp). See the section +<a href="swat.8.html#RUNNINGVIAINETD"><strong>RUNNING VIA INETD</strong></a> above. +<p><br><strong>/usr/local/samba/lib/smb.conf</strong> +<p><br>This is the default location of the <em>smb.conf</em> server configuration +file that <strong>swat</strong> edits. Other common places that systems install +this file are <em>/usr/samba/lib/smb.conf</em> and <em>/etc/smb.conf</em>. +<p><br>This file describes all the services the server is to make available +to clients. See <strong>smb.conf (5)</strong> for more information. +<p><br><a name="WARNINGS"></a> +<h2>WARNINGS</h2> + +<p><br><strong>swat</strong> will rewrite your <a href="smb.conf.5.html"><strong>smb.conf</strong></a> file. It +will rearrange the entries and delete all comments, +<a href="smb.conf.5.html#include"><strong>"include="</strong></a> and +<a href="smb.conf.5.html#copy"><strong>"copy="</strong></a> options. If you have a +carefully crafted <a href="smb.conf.5.html"><strong>smb.conf</strong></a> then back it up +or don't use <strong>swat</strong>! +<p><br><a name="VERSION"></a> +<h2>VERSION</h2> + +<p><br>This man page is correct for version 2.0 of the Samba suite. +<p><br><a name="SEEALSO"></a> +<h2>SEE ALSO</h2> + +<p><br><strong>inetd (8)</strong>, <a href="nmbd.8.html"><strong>nmbd (8)</strong></a>, +<a href="smb.conf.5.html"><strong>smb.conf (5)</strong></a>. +<p><br><a name="AUTHOR"></a> +<h2>AUTHOR</h2> + +<p><br>The original Samba software and related utilities were created by +Andrew Tridgell (samba-bugs@samba.anu.edu.au). Samba is now developed +by the Samba Team as an Open Source project similar to the way the +Linux kernel is developed. +<p><br>The original Samba man pages were written by Karl Auer. The man page +sources were converted to YODL format (another excellent piece of Open +Source software, available at +<a href="ftp://ftp.icce.rug.nl/pub/unix/"><strong>ftp://ftp.icce.rug.nl/pub/unix/</strong></a>) +and updated for the Samba2.0 release by Jeremy Allison. +<a href="mailto:samba-bugs@samba.anu.edu.au"><em>samba-bugs@samba.anu.edu.au</em></a>. +<p><br>See <a href="samba.7.html"><strong>samba (7)</strong></a> to find out how to get a full +list of contributors and details on how to submit bug reports, +comments etc. +</body> +</html> |