From ca12d82eaf4c6bd498208a246ca8a1ca9f47c58b Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 24 Jan 2002 17:04:30 +0000 Subject: merge from 2.2 (This used to be commit 2137c7163475691056fe1701b75128e238520b05) --- docs/htmldocs/smbd.8.html | 409 +++------------------------------------------- 1 file changed, 26 insertions(+), 383 deletions(-) (limited to 'docs/htmldocs/smbd.8.html') diff --git a/docs/htmldocs/smbd.8.html b/docs/htmldocs/smbd.8.html index bfd3440d7b..72fc10e2e4 100644 --- a/docs/htmldocs/smbd.8.html +++ b/docs/htmldocs/smbd.8.html @@ -376,7 +376,12 @@ CLASS="COMMAND" >inetd meta-daemon, this file must contain suitable startup information for the - meta-daemon. See the section INSTALLATION below. + meta-daemon. See the UNIX_INSTALL.html + document for details.

If running the server as a daemon at startup, this file will need to contain an appropriate startup - sequence for the server. See the section INSTALLATION - below.

UNIX_INSTALL.html + document for details.

, this file must contain a mapping of service name (e.g., netbios-ssn) to service port (e.g., 139) and protocol type (e.g., tcp). - See the section INSTALLATION below.

UNIX_INSTALL.html + document for details.

LIMITATIONS

ENVIRONMENT VARIABLES

INSTALLATION

The location of the server and its support files - is a matter for individual system administrators. The following - are thus suggestions only.

It is recommended that the server software be installed - under the /usr/local/samba/ hierarchy, - in a directory readable by all, writeable only by root. The server - program itself should be executable by all, as users may wish to - run the server themselves (in which case it will of course run - with their privileges). The server should NOT be setuid. On some - systems it may be worthwhile to make smbd setgid to an empty group. - This is because some systems may have a security hole where daemon - processes that become a user can be attached to with a debugger. - Making the smbd file setgid to an empty group may prevent - this hole from being exploited. This security hole and the suggested - fix has only been confirmed on old versions (pre-kernel 2.0) of Linux - at the time this was written. It is possible that this hole only - exists in Linux, as testing on other systems has thus far shown them - to be immune.

The server log files should be put in a directory readable and - writeable only by root, as the log files may contain sensitive - information.

The configuration file should be placed in a directory - readable and writeable only by root, as the configuration file - controls security for the services offered by the server. The - configuration file can be made readable by all if desired, but - this is not necessary for correct operation of the server and is - not recommended. A sample configuration file smb.conf.sample - is supplied with the source to the server - this may - be renamed to smb.conf and modified to suit - your needs.

The remaining notes will assume the following:

  • smbd (the server program) - installed in /usr/local/samba/bin

  • smb.conf (the configuration - file) installed in /usr/local/samba/lib

  • log files stored in /var/adm/smblogs -

The server may be run either as a daemon by users - or at startup, or it may be run from a meta-daemon such as - inetd upon request. If run as a daemon, - the server will always be ready, so starting sessions will be - faster. If run from a meta-daemon some memory will be saved and - utilities such as the tcpd TCP-wrapper may be used for extra - security. For serious use as file server it is recommended - that smbd be run as a daemon.

When you've decided, continue with either

  • RUNNING THE SERVER AS A DAEMON or

  • RUNNING THE SERVER ON REQUEST.

RUNNING THE SERVER AS A DAEMON

To run the server as a daemon from the command - line, simply put the -D option on the - command line. There is no need to place an ampersand at - the end of the command line - the -D - option causes the server to detach itself from the tty - anyway.

Any user can run the server as a daemon (execute - permissions permitting, of course). This is useful for - testing purposes, and may even be useful as a temporary - substitute for something like ftp. When run this way, however, - the server will only have the privileges of the user who ran - it.

To ensure that the server is run as a daemon whenever - the machine is started, and to ensure that it runs as root - so that it can serve multiple clients, you will need to modify - the system startup files. Wherever appropriate (for example, in - /etc/rc), insert the following line, - substituting port number, log file location, configuration file - location and debug level as desired:

/usr/local/samba/bin/smbd -D -l /var/adm/smblogs/log - -s /usr/local/samba/lib/smb.conf

(The above should appear in your initialization script - as a single line. Depending on your terminal characteristics, - it may not appear that way in this man page. If the above appears - as more than one line, please treat any newlines or indentation - as a single space or TAB character.)

If the options used at compile time are appropriate for - your system, all parameters except -D may - be omitted. See the section OPTIONS above.

RUNNING THE SERVER ON REQUEST

If your system uses a meta-daemon such as inetd - , you can arrange to have the smbd server started - whenever a process attempts to connect to it. This requires several - changes to the startup files on the host machine. If you are - experimenting as an ordinary user rather than as root, you will - need the assistance of your system administrator to modify the - system files.

You will probably want to set up the NetBIOS name server - nmbd at - the same time as smbd. To do this refer to the - man page for nmbd(8) - .

First, ensure that a port is configured in the file - /etc/services. The well-known port 139 - should be used if possible, though any port may be used.

Ensure that a line similar to the following is in - /etc/services:

netbios-ssn 139/tcp

Note for NIS/YP users - you may need to rebuild the - NIS service maps rather than alter your local /etc/services - file.

Next, put a suitable line in the file /etc/inetd.conf - (in the unlikely event that you are using a meta-daemon - other than inetd, you are on your own). Note that the first item - in this line matches the service name in /etc/services - . Substitute appropriate values for your system - in this line (see inetd(8)):

netbios-ssn stream tcp nowait root /usr/local/samba/bin/smbd - -d1 -l/var/adm/smblogs/log -s/usr/local/samba/lib/smb.conf

(The above should appear in /etc/inetd.conf - as a single line. Depending on your terminal characteristics, it may - not appear that way in this man page. If the above appears as more - than one line, please treat any newlines or indentation as a single - space or TAB character.)

Note that there is no need to specify a port number here, - even if you are using a non-standard port number.

Lastly, edit the configuration file to provide suitable - services. To start with, the following two services should be - all you need:

		[homes]
-		writeable = yes
-
-	[printers]
-		writeable = no
-		printable = yes
-		path = /tmp
-		public = yes
-	
-

This will allow you to connect to your home directory - and print to any printer supported by the host (user privileges - permitting).

PAM INTERACTION

TESTING THE INSTALLATION

If running the server as a daemon, execute it before - proceeding. If using a meta-daemon, either restart the system - or kill and restart the meta-daemon. Some versions of - inetd will reread their configuration - tables if they receive a HUP signal.

If your machine's name is fred and your - name is mary, you should now be able to connect - to the service \\fred\mary. -

To properly test and experiment with the server, we - recommend using the smbclient program (see - smbclient(1)) - and also going through the steps outlined in the file - DIAGNOSIS.txt in the docs/ - directory of your Samba installation.

VERSION

DIAGNOSTICS

SIGNALS

SEE ALSO

AUTHOR