From bfd5df01a33a7c1674a256add3d703e60b02516f Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 14 Mar 1998 04:32:09 +0000 Subject: updated to give instructions on running via cgi-bin (This used to be commit 23a8588765af24544433fedeeb927a4f68cb1263) --- swat/README | 55 ++++++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 48 insertions(+), 7 deletions(-) diff --git a/swat/README b/swat/README index 1d2a15d196..65efba9b0a 100644 --- a/swat/README +++ b/swat/README @@ -17,10 +17,13 @@ would put these in: /usr/local/samba/swat/images/* /usr/local/samba/swat/help/* +Running via inetd +----------------- + You then need to edit your /etc/inetd.conf and /etc/services to enable SWAT to be launched via inetd. Note that SWAT can also be launched via -the cgi-bin mechanisms of a web server (such as apache) but that is -not described here and has not been tested recently. +the cgi-bin mechanisms of a web server (such as apache) and that is +described below. In /etc/services you need to add a line like this: 
@@ -45,21 +48,59 @@ a HUP signal to inetd. On many systems "killall -1 inetd" will do this on others you will need to use "kill -1 PID" where PID is the process ID of the inetd daemon. + +Running via cgi-bin +------------------- + +To run SWAT via your web servers cgi-bin capability you need to copy +the swat binary to your cgi-bin directory. Note that you should run +SWAT either via inetd or via cgi-bin but not both. + +Then you need to create a swat directory in your web servers root +directory and copy the images/* and help/* files into there so that +they are visible via the URL http://your.web.server/swat/ + +Next you need to make sure you modify your web servers authentication +to require a username/pssword for the URL +http://your.web.server/cgi-bin/swat. Don't forgt this step! If you do +forget it then you will be allowing anyone to edit your Samba +configuration which would allow them to easily gain root access on your +machine. + +After testing the authentication you need to change the ownership and +permissions on the swat binary. It should be owned by root wth the +setuid bit set. It should be ONLY executable by the user that the web +server runs as. Make sure you do this carefully! + +for example, the following would be correct if the web server ran as +group "nobody". + +-rws--x--- 1 root nobody + +You must also realise that this means that any user who can run +programs as the "nobody" group can run swat and modify your Samba +config. Be sure to think about this! + + Launching --------- To launch SWAT just run your favourite web browser and point it at -http://localhost:901/ +http://localhost:901/ or http://localhost/cgi-bin/swat/ depending on +how you installed it. Note that you can attach to SWAT from any IP connected machine but connecting from a remote machine leaves your connection open to password sniffing as passwords will be sent in the clear over the wire. -You should be prompted for a username/password when you connect. 
You -will need to provide the username "root" and the correct root -password. More sophisticated authentication options are planned for -future versions of SWAT. +If installed via inetd then you should be prompted for a +username/password when you connect. You will need to provide the +username "root" and the correct root password. More sophisticated +authentication options are planned for future versions of SWAT. + +If installed via cgi-bin then you should receive whatever +authentication request you configured in your web server. Running ------- -- cgit
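Review bot: In the first hunk (@@ -17,10 +17,13 @@), the new "Running via inetd" section still presents cgi-bin as an aside ("and that is described below"), while the warning that SWAT should run "either via inetd or via cgi-bin but not both" appears only in the later cgi-bin section. An admin who follows the README top to bottom will have enabled the inetd listener before reaching that warning. Suggest stating at the start of this section that inetd and cgi-bin are alternatives and that only one should be configured.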
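Review bot: In the second hunk (@@ -45,21 +48,59 @@), the permissions paragraph says the binary should be "ONLY executable by the user that the web server runs as", but the example line "-rws--x--- 1 root nobody" and the sentence after it grant execute to the group "nobody", not to a user. Since this is a setuid-root binary, the text should say "group" consistently and give the exact commands, for example "chown root:nobody swat" followed by "chmod 4710 swat", so nobody has to derive the mode from the ls output. The same section has typos in the security-critical step ("pssword", "forgt", "wth", "web servers" for "web server's", lower-case "for example"). In the Launching changes, the URL is written "http://localhost/cgi-bin/swat/" with a trailing slash but "http://your.web.server/cgi-bin/swat" without one earlier, so pick one form. The new cgi-bin authentication paragraph should also say that whoever the web server authenticates gets the same access as root does under inetd, and that the clear-text password warning above it applies to the web server's authentication as well.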