From 14039d5122e2263e99ca08e1b32a3c1482afdc3f Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 11 Nov 1998 22:22:21 +0000 Subject: Added swat html & manpage. Jeremy. (This used to be commit cce693135e146c9f4c9243f3dcb5091c46d1fcdb) --- docs/htmldocs/swat.8.html | 196 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 196 insertions(+) create mode 100644 docs/htmldocs/swat.8.html (limited to 'docs/htmldocs/swat.8.html') diff --git a/docs/htmldocs/swat.8.html b/docs/htmldocs/swat.8.html new file mode 100644 index 0000000000..4a2eeec3d5 --- /dev/null +++ b/docs/htmldocs/swat.8.html @@ -0,0 +1,196 @@ + + + + + +swat + + + + + +

+ +

swat

Samba

23 Oct 1998

+ + + + +

NAME

+ swat - swat - Samba Web Administration Tool +

SYNOPSIS

+ +

swat [-s smb config file] [-a] +

DESCRIPTION

+ +

This program is part of the Samba suite. +

swat allows a Samba administrator to configure the complex +smb.conf file via a Web browser. In +addition, a swat configuration page has help links to all the +configurable options in the smb.conf file +allowing an administrator to easily look up the effects of any change. +

swat can be run as a stand-alone daemon, from inetd, +or invoked via CGI from a Web server. +

OPTIONS

+ +

-s smb configuration file The default configuration file path is +determined at compile time. +

The file specified contains the configuration details required by the +smbd server. This is the file that swat will +modify. The information in this file includes server-specific +information such as what printcap file to use, as well as descriptions +of all the services that the server is to provide. See smb.conf +(5) for more information. +

+
-a +

This option is only used if swat is running as it's own mini-web +server (see the INSTALLATION section below). +

This option removes the need for authentication needed to modify the +smb.conf file. **THIS IS ONLY MEANT FOR +DEMOING SWAT AND MUST NOT BE SET IN NORMAL SYSTEMS** as it would +allow *ANYONE* to modify the smb.conf +file, thus giving them root access. +

INSTALLATION

+ +

After you compile SWAT you need to run "make install" to install the +swat binary and the various help files and images. A default install +would put these in: +

+
+/usr/local/samba/bin/swat
+/usr/local/samba/swat/images/*
+/usr/local/samba/swat/help/*
+
+

+ +

RUNNING VIA INETD

+ +

You need to edit your /etc/inetd.conf and /etc/services to +enable SWAT to be launched via inetd. Note that swat can also +be launched via the cgi-bin mechanisms of a web server (such as +apache) and that is described below in the section RUNNING VIA +CGI-BIN. +

In /etc/services you need to add a line like this: +

swat 901/tcp +

Note for NIS/YP users - you may need to rebuild the NIS service maps +rather than alter your local /etc/services file. +

the choice of port number isn't really important except that it should +be less than 1024 and not currently used (using a number above 1024 +presents an obscure security hole depending on the implementation +details of your inetd daemon). +

In /etc/inetd.conf you should add a line like this: +

swat stream tcp nowait.400 root /usr/local/samba/bin/swat swat +

If you just want to see a demo of how swat works and don't want to be +able to actually change any Samba config via swat then you may chose +to change "root" to some other user that does not have permission +to write to smb.conf. +

One you have edited /etc/services and /etc/inetd.conf you need +to send a HUP signal to inetd. To do this use "kill -1 PID" where +PID is the process ID of the inetd daemon. +

RUNNING VIA CGI-BIN

+ +

To run swat via your web servers cgi-bin capability you need to +copy the swat binary to your cgi-bin directory. Note that you +should run swat either via inetd or via +cgi-bin but not both. +

Then you need to create a swat/ directory in your web servers root +directory and copy the images/* and help/* files found in the +swat/ directory of your Samba source distribution into there so +that they are visible via the URL http://your.web.server/swat/ +

Next you need to make sure you modify your web servers authentication +to require a username/pssword for the URL +http://your.web.server/cgi-bin/swat. **Don't forget this +step!** If you do forget it then you will be allowing anyone to edit +your Samba configuration which would allow them to easily gain root +access on your machine. +

After testing the authentication you need to change the ownership and +permissions on the swat binary. It should be owned by root wth the +setuid bit set. It should be ONLY executable by the user that the web +server runs as. Make sure you do this carefully! +

for example, the following would be correct if the web server ran as +group "nobody". +

-rws--x--- 1 root nobody +

You must also realise that this means that any user who can run +programs as the "nobody" group can run swat and modify your +Samba config. Be sure to think about this! +

LAUNCHING

+ +

To launch swat just run your favourite web browser and point it at +http://localhost:901/ or http://localhost/cgi-bin/swat/ +depending on how you installed it. +

Note that you can attach to swat from any IP connected machine but +connecting from a remote machine leaves your connection open to +password sniffing as passwords will be sent in the clear over the +wire. +

If installed via inetd then you should be prompted for a +username/password when you connect. You will need to provide the +username "root" and the correct root password. More sophisticated +authentication options are planned for future versions of swat. +

If installed via cgi-bin then you should receive whatever +authentication request you configured in your web server. +

FILES

+ +

/etc/inetd.conf +

If the server is to be run by the inetd meta-daemon, this file must +contain suitable startup information for the meta-daemon. See the +section RUNNING VIA INETD above. +

/etc/services +

If running the server via the meta-daemon inetd, this file must +contain a mapping of service name (eg., swat) to service port +(eg., 901) and protocol type (eg., tcp). See the section +RUNNING VIA INETD above. +

/usr/local/samba/lib/smb.conf +

This is the default location of the smb.conf server configuration +file that swat edits. Other common places that systems install +this file are /usr/samba/lib/smb.conf and /etc/smb.conf. +

This file describes all the services the server is to make available +to clients. See smb.conf (5) for more information. +

WARNINGS

+ +

swat will rewrite your smb.conf file. It +will rearrange the entries and delete all comments, +"include=" and +"copy=" options. If you have a +carefully crafted smb.conf then back it up +or don't use swat! +

VERSION

+ +

This man page is correct for version 2.0 of the Samba suite. +

AUTHOR

+ +

The original Samba software and related utilities were created by +Andrew Tridgell (samba-bugs@samba.anu.edu.au). Samba is now developed +by the Samba Team as an Open Source project similar to the way the +Linux kernel is developed. +

The original Samba man pages were written by Karl Auer. The man page +sources were converted to YODL format (another excellent piece of Open +Source software, available at +ftp://ftp.icce.rug.nl/pub/unix/) +and updated for the Samba2.0 release by Jeremy Allison. +samba-bugs@samba.anu.edu.au. +

See samba (7) to find out how to get a full +list of contributors and details on how to submit bug reports, +comments etc. + + -- cgit