summaryrefslogtreecommitdiff
path: root/docs/manpages/smbd.8
diff options
context:
space:
mode:
Diffstat (limited to 'docs/manpages/smbd.8')
-rw-r--r--docs/manpages/smbd.8707
1 files changed, 305 insertions, 402 deletions
diff --git a/docs/manpages/smbd.8 b/docs/manpages/smbd.8
index bae41b2c47..f534a59bf3 100644
--- a/docs/manpages/smbd.8
+++ b/docs/manpages/smbd.8
@@ -1,407 +1,310 @@
-.TH SMBD 8 17/1/1995 smbd smbd
+.\" This manpage has been automatically generated by docbook2man-spec
+.\" from a DocBook document. docbook2man-spec can be found at:
+.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/>
+.\" Please send any bug reports, improvements, comments, patches,
+.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.TH "SMBD" "8" "28 January 2002" "" ""
.SH NAME
-smbd \- provide SMB (aka LanManager) services to clients
+smbd \- server to provide SMB/CIFS services to clients
.SH SYNOPSIS
-.B smbd
-[
-.B -D
-] [
-.B -a
-] [
-.B -d
-.I debuglevel
-] [
-.B -l
-.I log file
-] [
-.B -p
-.I port number
-] [
-.B -O
-.I socket options
-] [
-.B -s
-.I configuration file
-]
-.SH DESCRIPTION
+.sp
+\fBsmbd\fR [ \fB-D\fR ] [ \fB-a\fR ] [ \fB-i\fR ] [ \fB-o\fR ] [ \fB-P\fR ] [ \fB-h\fR ] [ \fB-V\fR ] [ \fB-b\fR ] [ \fB-d <debug level>\fR ] [ \fB-l <log directory>\fR ] [ \fB-p <port number>\fR ] [ \fB-O <socket option>\fR ] [ \fB-s <configuration file>\fR ]
+.SH "DESCRIPTION"
+.PP
This program is part of the Samba suite.
-
-.B smbd
-is a server that can provide most SMB services. The
-server provides filespace and printer services to clients using the SMB
-protocol. This is compatible with the LanManager protocol, and can
-service LanManager clients.
-
-An extensive description of the services that the server can provide is given
-in the man page for the configuration file controlling the attributes of those
-services (see
-.B smb.conf(5)). This man page will not describe the services, but
-will concentrate on the administrative aspects of running the server.
-
-Please note that there are significant security implications to running this
-server, and
-.B smb.conf(5) should be regarded as mandatory reading before proceeding with
-installation.
-
-A session is created whenever a client requests one. Each client gets a copy
-of the server for each session. This copy then services all connections made
-by the client during that session. When all connections from its client are
-are closed, the copy of the server for that client terminates.
-
-The configuration file is automatically reloaded if it changes. You
-can force a reload by sending a SIGHUP to the server.
-
-.SH OPTIONS
-.B -D
-
-.RS 3
-If specified, this parameter causes the server to operate as a daemon. That is,
-it detaches itself and runs in the background, fielding requests on the
-appropriate port.
-
-By default, the server will NOT operate as a daemon.
-.RE
-
-.B -a
-
-.RS 3
-If this parameter is specified, the log files will be overwritten with each
-new connection. By default, the log files will be appended to.
-.RE
-
-.B -d
-.I debuglevel
-.RS 3
-
-debuglevel is an integer from 0 to 5.
-
-The default value if this parameter is not specified is zero.
-
-The higher this value, the more detail will be logged to the log files about
-the activities of the server. At level 0, only critical errors and serious
-warnings will be logged. Level 1 is a reasonable level for day to day running
-- it generates a small amount of information about operations carried out.
-
-Levels above 1 will generate considerable amounts of log data, and should
-only be used when investigating a problem. Levels above 3 are designed for
-use only by developers and generate HUGE amounts of log data, most of which
-is extremely cryptic.
-.RE
-
-.B -l
-.I log file
-
-.RS 3
-If specified,
-.I logfile
-specifies a base filename into which operational data from the running server
-will be logged.
-
-The default base name is specified at compile time.
-
-The base name is used to generate actual log file names. For example, if the
-name specified was "log", the following files would be used for log data:
-
-.RS 3
-log.debug (containing debugging information)
-
-log.in (containing inbound transaction data)
-
-log.out (containing outbound transaction data)
-.RE
-
-The log files generated are never removed by the server.
-.RE
-
-.B -O
-.I socket options
-.RS 3
-
-See the socket options section of smb.conf(5) for details
-
-.RE
-.B -p
-.I port number
-.RS 3
-
-port number is a positive integer value.
-
-The default value if this parameter is not specified is 139.
-
-This number is the port number that will be used when making connections to
-the server from client software. The standard (well-known) port number for the
-server is 139, hence the default. If you wish to run the server as an ordinary
-user rather than as root, most systems will require you to use a port number
-greater than 1024 - ask your system administrator for help if you are in this
-situation.
-
-This parameter is not normally specified except in the above situation.
-.RE
-
-.B -s
-.I configuration file
-
-.RS 3
-The default configuration file name is determined at compile time.
-
-The file specified contains the configuration details required by the server.
-The information in this file includes server-specific information such as
-what printcap file to use, as well as descriptions of all the services that the
-server is to provide. See
-.B smb.conf(5) for more information.
-.RE
-
-.SH FILES
-
-.B /etc/inetd.conf
-
-.RS 3
-If the server is to be run by the inetd meta-daemon, this file must contain
-suitable startup information for the meta-daemon. See the section
-"INSTALLATION" below.
-.RE
-
-.B /etc/rc
-
-.RS 3
-(or whatever initialisation script your system uses)
-
-If running the server as a daemon at startup, this file will need to contain
-an appropriate startup sequence for the server. See the section "INSTALLATION"
-below.
-.RE
-
-.B /etc/services
-
-.RS 3
-If running the server via the meta-daemon inetd, this file must contain a
-mapping of service name (eg., netbios-ssn) to service port (eg., 139) and
-protocol type (eg., tcp). See the section "INSTALLATION" below.
-.RE
-
-.B /usr/local/smb/smb.conf
-
-.RS 3
-This file describes all the services the server is to make available to
-clients. See
-.B smb.conf(5) for more information.
-.RE
-.RE
-
-.SH LIMITATIONS
-
-On some systems smbd cannot change uid back to root after a setuid() call.
-Such systems are called "trapdoor" uid systems. If you have such a system,
-you will be unable to connect from a client (such as a PC) as two different
-users at once. Attempts to connect the second user will result in "access
-denied" or similar.
-
-.SH ENVIRONMENT VARIABLES
-
-.B PRINTER
-
-.RS 3
-If no printer name is specified to printable services, most systems will
-use the value of this variable (or "lp" if this variable is not defined)
-as the name of the printer to use. This is not specific to the server,
-however.
-.RE
-
-.SH INSTALLATION
-The location of the server and its support files is a matter for individual
-system administrators. The following are thus suggestions only.
-
-It is recommended that the server software be installed under the
-/usr/local hierarchy, in a directory readable by all, writeable only
-by root. The server program itself should be executable by all, as
-users may wish to run the server themselves (in which case it will of
-course run with their privileges). The server should NOT be
-setuid. On some systems it may be worthwhile to make smbd setgid to an
-empty group. This is because some systems may have a security hole where
-daemon processes that become a user can be attached to with a
-debugger. Making the smbd file setgid to an empty group may prevent
-this hole from being exploited. This secrity hole and the suggested
-fix has only been confirmed on Linux at the time this was written. It
-is possible that this hole only exists in Linux, as testing on other
-systems has thus far shown them to be immune.
-
-The server log files should be put in a directory readable and writable only
-by root, as the log files may contain sensitive information.
-
-The configuration file should be placed in a directory readable and writable
-only by root, as the configuration file controls security for the services
-offered by the server. The configuration file can be made readable by all if
-desired, but this is not necessary for correct operation of the server and
-is not recommended. A sample configuration file "smb.conf.sample" is supplied
-with the source to the server - this may be renamed to "smb.conf" and
-modified to suit your needs.
-
-The remaining notes will assume the following:
-
-.RS 3
-smbd (the server program) installed in /usr/local/smb
-
-smb.conf (the configuration file) installed in /usr/local/smb
-
-log files stored in /var/adm/smblogs
-.RE
-
-The server may be run either as a daemon by users or at startup, or it may
-be run from a meta-daemon such as inetd upon request. If run as a daemon, the
-server will always be ready, so starting sessions will be faster. If run from
-a meta-daemon some memory will be saved and utilities such as the tcpd
-TCP-wrapper may be used for extra security.
-
-When you've decided, continue with either "RUNNING THE SERVER AS A DAEMON" or
-"RUNNING THE SERVER ON REQUEST".
-.SH RUNNING THE SERVER AS A DAEMON
-To run the server as a daemon from the command line, simply put the "-D" option
-on the command line. There is no need to place an ampersand at the end of the
-command line - the "-D" option causes the server to detach itself from the
-tty anyway.
-
-Any user can run the server as a daemon (execute permissions permitting, of
-course). This is useful for testing purposes, and may even be useful as a
-temporary substitute for something like ftp. When run this way, however, the
-server will only have the privileges of the user who ran it.
-
-To ensure that the server is run as a daemon whenever the machine is started,
-and to ensure that it runs as root so that it can serve multiple clients, you
-will need to modify the system startup files. Wherever appropriate (for
-example, in /etc/rc), insert the following line, substituting
-port number, log file location, configuration file location and debug level as
-desired:
-
-.RS 3
-/usr/local/smb/smbd -D -l /var/adm/smblogs/log -s /usr/local/smb/smb.conf
-.RE
-
-(The above should appear in your initialisation script as a single line.
-Depending on your terminal characteristics, it may not appear that way in
-this man page. If the above appears as more than one line, please treat any
-newlines or indentation as a single space or TAB character.)
-
-If the options used at compile time are appropriate for your system, all
-parameters except the desired debug level and "-D" may be omitted. See the
-section "OPTIONS" above.
-.SH RUNNING THE SERVER ON REQUEST
-If your system uses a meta-daemon such as inetd, you can arrange to have the
-smbd server started whenever a process attempts to connect to it. This requires
-several changes to the startup files on the host machine. If you are
-experimenting as an ordinary user rather than as root, you will need the
-assistance of your system administrator to modify the system files.
-
-You will probably want to set up the name server
-.B nmbd
-at the same time as
-the smbd - refer to the man page
-.B nmbd(8).
-
-First, ensure that a port is configured in the file /etc/services. The
-well-known port 139 should be used if possible, though any port may be used.
-
-Ensure that a line similar to the following is in /etc/services:
-
-.RS 3
-netbios-ssn 139/tcp
-.RE
-
-Note for NIS/YP users - you may need to rebuild the NIS service maps rather
-than alter your local /etc/services file.
-
-Next, put a suitable line in the file /etc/inetd.conf (in the unlikely event
-that you are using a meta-daemon other than inetd, you are on your own). Note
-that the first item in this line matches the service name in /etc/services.
-Substitute appropriate values for your system in this line (see
-.B inetd(8)):
-
-.RS 3
-netbios-ssn stream tcp nowait root /usr/local/smb/smbd -d1
--l/var/adm/smblogs/log -s/usr/local/smb/smb.conf
-.RE
-
-(The above should appear in /etc/inetd.conf as a single line. Depending on
-your terminal characteristics, it may not appear that way in this man page.
-If the above appears as more than one line, please treat any newlines or
-indentation as a single space or TAB character.)
-
-Note that there is no need to specify a port number here, even if you are
-using a non-standard port number.
-
-Lastly, edit the configuration file to provide suitable services. To start
-with, the following two services should be all you need:
-
-.RS 3
-[homes]
-.RS 3
- writable = yes
-.RE
-
-[printers]
-.RS 3
- writable = no
- printable = yes
- path = /tmp
- public = yes
-.RE
-.RE
-
-This will allow you to connect to your home directory and print to any printer
-supported by the host (user privileges permitting).
-.SH TESTING THE INSTALLATION
-If running the server as a daemon, execute it before proceeding. If
-using a meta-daemon, either restart the system or kill and restart the
-meta-daemon. Some versions of inetd will reread their configuration tables if
-they receive a HUP signal.
-
-If your machine's name is "fred" and your name is "mary", you should now be
-able to connect to the service "\\\\fred\\mary".
-
-To properly test and experiment with the server, we recommend using the
-smbclient program (see
-.B smbclient(1)).
-.SH VERSION
-This man page is (mostly) correct for version 1.9.00 of the Samba suite, plus some
-of the recent patches to it. These notes will necessarily lag behind
-development of the software, so it is possible that your version of
-the server has extensions or parameter semantics that differ from or are not
-covered by this man page. Please notify these to the address below for
-rectification.
-.SH SEE ALSO
-.B hosts_access(5),
-.B inetd(8),
-.B nmbd(8),
-.B smb.conf(5),
-.B smbclient(1),
-.B testparm(1),
-.B testprns(1)
-
-.SH DIAGNOSTICS
-[This section under construction]
-
-Most diagnostics issued by the server are logged in a specified log file. The
-log file name is specified at compile time, but may be overridden on the
+.PP
+\fBsmbd\fR is the server daemon that
+provides filesharing and printing services to Windows clients.
+The server provides filespace and printer services to
+clients using the SMB (or CIFS) protocol. This is compatible
+with the LanManager protocol, and can service LanManager
+clients. These include MSCLIENT 3.0 for DOS, Windows for
+Workgroups, Windows 95/98/ME, Windows NT, Windows 2000,
+OS/2, DAVE for Macintosh, and smbfs for Linux.
+.PP
+An extensive description of the services that the
+server can provide is given in the man page for the
+configuration file controlling the attributes of those
+services (see \fIsmb.conf(5)
+\fR. This man page will not describe the
+services, but will concentrate on the administrative aspects
+of running the server.
+.PP
+Please note that there are significant security
+implications to running this server, and the \fIsmb.conf(5)\fR
+manpage should be regarded as mandatory reading before
+proceeding with installation.
+.PP
+A session is created whenever a client requests one.
+Each client gets a copy of the server for each session. This
+copy then services all connections made by the client during
+that session. When all connections from its client are closed,
+the copy of the server for that client terminates.
+.PP
+The configuration file, and any files that it includes,
+are automatically reloaded every minute, if they change. You
+can force a reload by sending a SIGHUP to the server. Reloading
+the configuration file will not affect connections to any service
+that is already established. Either the user will have to
+disconnect from the service, or \fBsmbd\fR killed and restarted.
+.SH "OPTIONS"
+.TP
+\fB-D\fR
+If specified, this parameter causes
+the server to operate as a daemon. That is, it detaches
+itself and runs in the background, fielding requests
+on the appropriate port. Operating the server as a
+daemon is the recommended way of running \fBsmbd\fR for
+servers that provide more than casual use file and
+print services. This switch is assumed if \fBsmbd
+\fRis executed on the command line of a shell.
+.TP
+\fB-a\fR
+If this parameter is specified, each new
+connection will append log messages to the log file.
+This is the default.
+.TP
+\fB-i\fR
+If this parameter is specified it causes the
+server to run "interactively", not as a daemon, even if the
+server is executed on the command line of a shell. Setting this
+parameter negates the implicit deamon mode when run from the
command line.
-
-The number and nature of diagnostics available depends on the debug level used
-by the server. If you have problems, set the debug level to 3 and peruse the
-log files.
-
-Most messages are reasonably self-explanatory. Unfortunately, at time of
-creation of this man page the source code is still too fluid to warrant
-describing each and every diagnostic. At this stage your best bet is still
-to grep the source code and inspect the conditions that gave rise to the
+.TP
+\fB-o\fR
+If this parameter is specified, the
+log files will be overwritten when opened. By default,
+\fBsmbd\fR will append entries to the log
+files.
+.TP
+\fB-P\fR
+Passive option. Causes \fBsmbd\fR not to
+send any network traffic out. Used for debugging by
+the developers only.
+.TP
+\fB-h\fR
+Prints the help information (usage)
+for \fBsmbd\fR.
+.TP
+\fB-v\fR
+Prints the version number for
+\fBsmbd\fR.
+.TP
+\fB-b\fR
+Prints information about how
+Samba was built.
+.TP
+\fB-d <debug level>\fR
+\fIdebuglevel\fR is an integer
+from 0 to 10. The default value if this parameter is
+not specified is zero.
+
+The higher this value, the more detail will be
+logged to the log files about the activities of the
+server. At level 0, only critical errors and serious
+warnings will be logged. Level 1 is a reasonable level for
+day to day running - it generates a small amount of
+information about operations carried out.
+
+Levels above 1 will generate considerable
+amounts of log data, and should only be used when
+investigating a problem. Levels above 3 are designed for
+use only by developers and generate HUGE amounts of log
+data, most of which is extremely cryptic.
+
+Note that specifying this parameter here will
+override the log
+levelfile.
+.TP
+\fB-l <log directory>\fR
+If specified,
+\fIlog directory\fR
+specifies a log directory into which the "log.smbd" log
+file will be created for informational and debug
+messages from the running server. The log
+file generated is never removed by the server although
+its size may be controlled by the max log size
+option in the \fI smb.conf(5)\fRfile.
+
+The default log directory is specified at
+compile time.
+.TP
+\fB-O <socket options>\fR
+See the socket options
+parameter in the \fIsmb.conf(5)
+\fRfile for details.
+.TP
+\fB-p <port number>\fR
+\fIport number\fR is a positive integer
+value. The default value if this parameter is not
+specified is 139.
+
+This number is the port number that will be
+used when making connections to the server from client
+software. The standard (well-known) port number for the
+SMB over TCP is 139, hence the default. If you wish to
+run the server as an ordinary user rather than
+as root, most systems will require you to use a port
+number greater than 1024 - ask your system administrator
+for help if you are in this situation.
+
+In order for the server to be useful by most
+clients, should you configure it on a port other
+than 139, you will require port redirection services
+on port 139, details of which are outlined in rfc1002.txt
+section 4.3.5.
+
+This parameter is not normally specified except
+in the above situation.
+.TP
+\fB-s <configuration file>\fR
+The file specified contains the
+configuration details required by the server. The
+information in this file includes server-specific
+information such as what printcap file to use, as well
+as descriptions of all the services that the server is
+to provide. See \fI smb.conf(5)\fRfor more information.
+The default configuration file name is determined at
+compile time.
+.SH "FILES"
+.TP
+\fB\fI/etc/inetd.conf\fB\fR
+If the server is to be run by the
+\fBinetd\fR meta-daemon, this file
+must contain suitable startup information for the
+meta-daemon. See the UNIX_INSTALL.html
+document for details.
+.TP
+\fB\fI/etc/rc\fB\fR
+or whatever initialization script your
+system uses).
+
+If running the server as a daemon at startup,
+this file will need to contain an appropriate startup
+sequence for the server. See the UNIX_INSTALL.html
+document for details.
+.TP
+\fB\fI/etc/services\fB\fR
+If running the server via the
+meta-daemon \fBinetd\fR, this file
+must contain a mapping of service name (e.g., netbios-ssn)
+to service port (e.g., 139) and protocol type (e.g., tcp).
+See the UNIX_INSTALL.html
+document for details.
+.TP
+\fB\fI/usr/local/samba/lib/smb.conf\fB\fR
+This is the default location of the
+\fIsmb.conf\fR
+server configuration file. Other common places that systems
+install this file are \fI/usr/samba/lib/smb.conf\fR
+and \fI/etc/smb.conf\fR.
+
+This file describes all the services the server
+is to make available to clients. See \fIsmb.conf(5)\fRfor more information.
+.SH "LIMITATIONS"
+.PP
+On some systems \fBsmbd\fR cannot change uid back
+to root after a setuid() call. Such systems are called
+trapdoor uid systems. If you have such a system,
+you will be unable to connect from a client (such as a PC) as
+two different users at once. Attempts to connect the
+second user will result in access denied or
+similar.
+.SH "ENVIRONMENT VARIABLES"
+.TP
+\fBPRINTER\fR
+If no printer name is specified to
+printable services, most systems will use the value of
+this variable (or lp if this variable is
+not defined) as the name of the printer to use. This
+is not specific to the server, however.
+.SH "PAM INTERACTION"
+.PP
+Samba uses PAM for authentication (when presented with a plaintext
+password), for account checking (is this account disabled?) and for
+session management. The degree too which samba supports PAM is restricted
+by the limitations of the SMB protocol and the
+obey pam restricions
+smb.conf paramater. When this is set, the following restrictions apply:
+.TP 0.2i
+\(bu
+\fBAccount Validation\fR: All acccesses to a
+samba server are checked
+against PAM to see if the account is vaild, not disabled and is permitted to
+login at this time. This also applies to encrypted logins.
+.TP 0.2i
+\(bu
+\fBSession Management\fR: When not using share
+level secuirty, users must pass PAM's session checks before access
+is granted. Note however, that this is bypassed in share level secuirty.
+Note also that some older pam configuration files may need a line
+added for session support.
+.SH "VERSION"
+.PP
+This man page is correct for version 2.2 of
+the Samba suite.
+.SH "DIAGNOSTICS"
+.PP
+Most diagnostics issued by the server are logged
+in a specified log file. The log file name is specified
+at compile time, but may be overridden on the command line.
+.PP
+The number and nature of diagnostics available depends
+on the debug level used by the server. If you have problems, set
+the debug level to 3 and peruse the log files.
+.PP
+Most messages are reasonably self-explanatory. Unfortunately,
+at the time this man page was created, there are too many diagnostics
+available in the source code to warrant describing each and every
+diagnostic. At this stage your best bet is still to grep the
+source code and inspect the conditions that gave rise to the
diagnostics you are seeing.
-
-.SH BUGS
-None known.
-.SH CREDITS
-The original Samba software and related utilities were created by
-Andrew Tridgell (samba-bugs@anu.edu.au). Andrew is also the Keeper
-of the Source for this project.
-
-This man page written by Karl Auer (Karl.Auer@anu.edu.au)
-
-See
-.B smb.conf(5) for a full list of contributors and details on how to
-submit bug reports, comments etc.
+.SH "SIGNALS"
+.PP
+Sending the \fBsmbd\fR a SIGHUP will cause it to
+reload its \fIsmb.conf\fR configuration
+file within a short period of time.
+.PP
+To shut down a user's \fBsmbd\fR process it is recommended
+that \fBSIGKILL (-9)\fR \fBNOT\fR
+be used, except as a last resort, as this may leave the shared
+memory area in an inconsistent state. The safe way to terminate
+an \fBsmbd\fR is to send it a SIGTERM (-15) signal and wait for
+it to die on its own.
+.PP
+The debug log level of \fBsmbd\fR may be raised
+or lowered using \fBsmbcontrol(1)
+\fRprogram (SIGUSR[1|2] signals are no longer used in
+Samba 2.2). This is to allow transient problems to be diagnosed,
+whilst still running at a normally low log level.
+.PP
+Note that as the signal handlers send a debug write,
+they are not re-entrant in \fBsmbd\fR. This you should wait until
+\fBsmbd\fR is in a state of waiting for an incoming SMB before
+issuing them. It is possible to make the signal handlers safe
+by un-blocking the signals before the select call and re-blocking
+them after, however this would affect performance.
+.SH "SEE ALSO"
+.PP
+hosts_access(5), \fBinetd(8)\fR,
+\fBnmbd(8)\fR,
+\fIsmb.conf(5)\fR
+, \fBsmbclient(1)
+\fR, and the Internet RFC's
+\fIrfc1001.txt\fR, \fIrfc1002.txt\fR.
+In addition the CIFS (formerly SMB) specification is available
+as a link from the Web page
+http://samba.org/cifs/ <URL:http://samba.org/cifs/>.
+.SH "AUTHOR"
+.PP
+The original Samba software and related utilities
+were created by Andrew Tridgell. Samba is now developed
+by the Samba Team as an Open Source project similar
+to the way the Linux kernel is developed.
+.PP
+The original Samba man pages were written by Karl Auer.
+The man page sources were converted to YODL format (another
+excellent piece of Open Source software, available at
+ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0
+release by Jeremy Allison. The conversion to DocBook for
+Samba 2.2 was done by Gerald Carter