From 55abd936a838a4410899db76cb5530b0c4694dc9 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 10 Oct 2001 17:19:10 +0000 Subject: mega-merge from 2.2 (This used to be commit c76bf8ed3275e217d1b691879153fe9137bcbe38) --- docs/htmldocs/smbd.8.html | 193 ++++++++++++++++++++++++++++++++++++---------- 1 file changed, 152 insertions(+), 41 deletions(-) (limited to 'docs/htmldocs/smbd.8.html') diff --git a/docs/htmldocs/smbd.8.html b/docs/htmldocs/smbd.8.html index 35520b05af..be82ef6d4e 100644 --- a/docs/htmldocs/smbd.8.html +++ b/docs/htmldocs/smbd.8.html @@ -98,12 +98,15 @@ CLASS="FILENAME" can force a reload by sending a SIGHUP to the server. Reloading the configuration file will not affect connections to any service that is already established. Either the user will have to - disconnect from the service, or smbd killed and restarted.

smbd killed and restarted.

OPTIONS

smbd for servers that provide more than casual use file and - print services. This switch is assumed is smbd -P

Passive option. Causes smbd not to +>Passive option. Causes smbd not to send any network traffic out. Used for debugging by the developers only.

-d <debug level>

debuglevel is an integer +>debuglevel is an integer from 0 to 10. The default value if this parameter is not specified is zero.

-l <log file>

If specified, log fileIf specified, log file specifies a log filename into which informational and debug messages from the running server will be logged. The log @@ -261,7 +278,12 @@ CLASS="FILENAME" >-p <port number>

port number is a positive integer +>port number is a positive integer value. The default value if this parameter is not specified is 139.

FILES

LIMITATIONS

ENVIRONMENTVARIABLES

PRINTER
PRINTER

If no printer name is specified to printable services, most systems will use the value of - this variable (or lp if this variable is + this variable (or lp if this variable is not defined) as the name of the printer to use. This is not specific to the server, however.

INSTALLATION

smbd setgid to an empty group. This is because some systems may have a security hole where daemon processes that become a user can be attached to with a debugger. - Making the smbd file setgid to an empty group may prevent + Making the smbd file setgid to an empty group may prevent this hole from being exploited. This security hole and the suggested fix has only been confirmed on old versions (pre-kernel 2.0) of Linux at the time this was written. It is possible that this hole only @@ -567,7 +601,7 @@ CLASS="COMMAND" >

RUNNING THE SERVER AS A DAEMON

RUNNING THE SERVER ON REQUEST

inetd , you can arrange to have the smbd server started +>, you can arrange to have the smbd server started whenever a process attempts to connect to it. This requires several changes to the startup files on the host machine. If you are experimenting as an ordinary user rather than as root, you will @@ -755,7 +792,52 @@ CLASS="COMPUTEROUTPUT" >

PAM INTERACTION

Samba uses PAM for authentication (when presented with a plaintext + password), for account checking (is this account disabled?) and for + session management. The degree too which samba supports PAM is restricted + by the limitations of the SMB protocol and the + obey pam restricions + smb.conf paramater. When this is set, the following restrictions apply: +

  • Account Validation: All acccesses to a + samba server are checked + against PAM to see if the account is vaild, not disabled and is permitted to + login at this time. This also applies to encrypted logins. +

  • Session Management: When not using share + level secuirty, users must pass PAM's session checks before access + is granted. Note however, that this is bypassed in share level secuirty. + Note also that some older pam configuration files may need a line + added for session support. +

TESTING THE INSTALLATION

will reread their configuration tables if they receive a HUP signal.

If your machine's name is fred and your - name is mary, you should now be able to connect +>If your machine's name is fred and your + name is mary, you should now be able to connect to the service \\fred\mary

VERSION

DIAGNOSTICS

SIGNALS

Sending the smbd a SIGHUP will cause it to - re-load its Sending the smbd a SIGHUP will cause it to + reload its smb.conf configuration file within a short period of time.

To shut down a users smbd process it is recommended +>To shut down a user's smbd process it is recommended that SIGKILL (-9) be used, except as a last resort, as this may leave the shared memory area in an inconsistent state. The safe way to terminate - an smbd is to send it a SIGTERM (-15) signal and wait for + an smbd is to send it a SIGTERM (-15) signal and wait for it to die on its own.

The debug log level of smbd may be raised by sending - it a SIGUSR1 (The debug log level of kill -USR1 <smbd-pid>) - and lowered by sending it a SIGUSR2 (smbd may be raised + or lowered using kill -USR2 <smbd-pid> +>smbcontrol(1) ). This is to allow transient problems to be diagnosed, +> program (SIGUSR[1|2] signals are no longer used in + Samba 2.2). This is to allow transient problems to be diagnosed, whilst still running at a normally low log level.

Note that as the signal handlers send a debug write, - they are not re-entrant in smbd. This you should wait until - smbd is in a state of waiting for an incoming smb before + they are not re-entrant in smbd. This you should wait until + smbd is in a state of waiting for an incoming SMB before issuing them. It is possible to make the signal handlers safe by un-blocking the signals before the select call and re-blocking them after, however this would affect performance.

SEE ALSO

AUTHOR