From 3bb3f2d0ce1165d0cac683f507d838d20c8c743b Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Sat, 14 Nov 1998 03:01:40 +0000
Subject: Update for 2.0beta1. Jeremy. (This used to be commit
 598d0255d40da29ebab3d1a3c9eb66ba654db7b5)

---
 docs/htmldocs/swat.8.html | 84 ++++++++++-------------------------------------
 1 file changed, 18 insertions(+), 66 deletions(-)

(limited to 'docs/htmldocs/swat.8.html')

diff --git a/docs/htmldocs/swat.8.html b/docs/htmldocs/swat.8.html
index 4a2eeec3d5..31afec1a89 100644
--- a/docs/htmldocs/swat.8.html
+++ b/docs/htmldocs/swat.8.html
@@ -3,7 +3,7 @@
  
 
 
-<html><head><title>swat</title>
+<html><head><title>swat (8)</title>
 
 <link rev="made" href="mailto:samba-bugs@samba.anu.edu.au">
 </head>
@@ -11,7 +11,7 @@
 
 <hr>
 
-<h1>swat</h1>
+<h1>swat (8)</h1>
 <h2>Samba</h2>
 <h2>23 Oct 1998</h2>
 
@@ -34,8 +34,7 @@
 addition, a swat configuration page has help links to all the
 configurable options in the <a href="smb.conf.5.html"><strong>smb.conf</strong></a> file
 allowing an administrator to easily look up the effects of any change.
-<p><br><strong>swat</strong> can be run as a stand-alone daemon, from <strong>inetd</strong>,
-or invoked via CGI from a Web server.
+<p><br><strong>swat</strong> is run from <strong>inetd</strong>
 <p><br><a name="OPTIONS"></a>
 <h2>OPTIONS</h2>
     
@@ -51,13 +50,10 @@ of all the services that the server is to provide. See <a href="smb.conf.5.html"
 (5)</a> for more information.
 <p><br><a name="minusa"></a>
 <li><strong><strong>-a</strong></strong> 
-<p><br>This option is only used if <strong>swat</strong> is running as it's own mini-web
-server (see the <a href="swat.8.html#INSTALLATION"><strong>INSTALLATION</strong></a> section below).
-<p><br>This option removes the need for authentication needed to modify the
-<a href="smb.conf.5.html"><strong>smb.conf</strong></a> file. <em>**THIS IS ONLY MEANT FOR
-DEMOING SWAT AND MUST NOT BE SET IN NORMAL SYSTEMS**</em> as it would
-allow <em>*ANYONE*</em> to modify the <a href="smb.conf.5.html"><strong>smb.conf</strong></a>
-file, thus giving them root access.
+<p><br>This option disables authentication and puts <strong>swat</strong> in demo mode. In
+that mode anyone will be able to modify the
+<a href="smb.conf.5.html"><strong>smb.conf</strong></a> file.
+<p><br>Do NOT enable this option on a production server.
 <p><br></ul>
 <p><br><a name="INSTALLATION"></a>
 <h2>INSTALLATION</h2>
@@ -73,14 +69,11 @@ would put these in:
 
 </pre>
 
-<p><br><a name="RUNNINGVIAINETD"></a>
-<h2>RUNNING VIA INETD</h2>
+<p><br><a name="INETD"></a>
+<h2>INETD INSTALLATION</h2>
     
 <p><br>You need to edit your <code>/etc/inetd.conf</code> and <code>/etc/services</code> to
-enable <strong>SWAT</strong> to be launched via inetd. Note that <strong>swat</strong> can also
-be launched via the cgi-bin mechanisms of a web server (such as
-apache) and that is described below in the section <a href="swat.8.html#RUNNINGVIACGIBIN"><strong>RUNNING VIA
-CGI-BIN</strong></a>.
+enable <strong>SWAT</strong> to be launched via inetd. 
 <p><br>In <code>/etc/services</code> you need to add a line like this:
 <p><br><code>swat            901/tcp</code>
 <p><br>Note for NIS/YP users - you may need to rebuild the NIS service maps
@@ -91,67 +84,26 @@ presents an obscure security hole depending on the implementation
 details of your <strong>inetd</strong> daemon).
 <p><br>In <code>/etc/inetd.conf</code> you should add a line like this:
 <p><br><code>swat    stream  tcp     nowait.400  root    /usr/local/samba/bin/swat swat</code>
-<p><br>If you just want to see a demo of how swat works and don't want to be
-able to actually change any Samba config via swat then you may chose
-to change <code>"root"</code> to some other user that does not have permission
-to write to <a href="smb.conf.5.html"><strong>smb.conf</strong></a>.
 <p><br>One you have edited <code>/etc/services</code> and <code>/etc/inetd.conf</code> you need
 to send a HUP signal to inetd. To do this use <code>"kill -1 PID"</code> where
 PID is the process ID of the inetd daemon.
-<p><br><a name="RUNNINGVIACGIBIN"></a>
-<h2>RUNNING VIA CGI-BIN</h2>
-    
-<p><br>To run <strong>swat</strong> via your web servers cgi-bin capability you need to
-copy the <strong>swat</strong> binary to your cgi-bin directory. Note that you
-should run <strong>swat</strong> either via <a href="swat.8.html#RUNNINGVIAINETD"><strong>inetd</strong></a> or via
-cgi-bin but not both.
-<p><br>Then you need to create a <code>swat/</code> directory in your web servers root
-directory and copy the <code>images/*</code> and <code>help/*</code> files found in the
-<code>swat/</code> directory of your Samba source distribution into there so
-that they are visible via the URL <code>http://your.web.server/swat/</code>
-<p><br>Next you need to make sure you modify your web servers authentication
-to require a username/pssword for the URL
-<code>http://your.web.server/cgi-bin/swat</code>. <em>**Don't forget this
-step!**</em> If you do forget it then you will be allowing anyone to edit
-your Samba configuration which would allow them to easily gain root
-access on your machine.
-<p><br>After testing the authentication you need to change the ownership and
-permissions on the <strong>swat</strong> binary. It should be owned by root wth the
-setuid bit set. It should be ONLY executable by the user that the web
-server runs as. Make sure you do this carefully!
-<p><br>for example, the following would be correct if the web server ran as
-group <code>"nobody"</code>.
-<p><br><code>-rws--x---    1 root     nobody    </code>
-<p><br>You must also realise that this means that any user who can run
-programs as the <code>"nobody"</code> group can run <strong>swat</strong> and modify your
-Samba config. Be sure to think about this!
 <p><br><a name="LAUNCHING"></a>
 <h2>LAUNCHING</h2>
     
-<p><br>To launch <strong>swat</strong> just run your favourite web browser and point it at
-<code>http://localhost:901/</code> or <code>http://localhost/cgi-bin/swat/</code>
-depending on how you installed it.
-<p><br>Note that you can attach to <strong>swat</strong> from any IP connected machine but
+<p><br>To launch <strong>swat</strong> just run your favorite web browser and point it at
+<code>http://localhost:901/</code>.
+<p><br><strong>Note that you can attach to <strong>swat</strong> from any IP connected machine but
 connecting from a remote machine leaves your connection open to
 password sniffing as passwords will be sent in the clear over the
-wire.
-<p><br>If installed via <strong>inetd</strong> then you should be prompted for a
-username/password when you connect. You will need to provide the
-username <code>"root"</code> and the correct root password. More sophisticated
-authentication options are planned for future versions of <strong>swat</strong>.
-<p><br>If installed via cgi-bin then you should receive whatever
-authentication request you configured in your web server.
+wire.</strong>
 <p><br><h2>FILES</h2>
     
 <p><br><strong>/etc/inetd.conf</strong>
-<p><br>If the server is to be run by the inetd meta-daemon, this file must
-contain suitable startup information for the meta-daemon. See the
-section <a href="swat.8.html#RUNNINGVIAINETD"><strong>RUNNING VIA INETD</strong></a> above.
+<p><br>This file must contain suitable startup information for the
+meta-daemon. 
 <p><br><strong>/etc/services</strong>
-<p><br>If running the server via the meta-daemon inetd, this file must
-contain a mapping of service name (eg., swat) to service port
-(eg., 901) and protocol type (eg., tcp). See the section
-<a href="swat.8.html#RUNNINGVIAINETD"><strong>RUNNING VIA INETD</strong></a> above.
+<p><br>This file must contain a mapping of service name (e.g., swat) to
+service port (e.g., 901) and protocol type (e.g., tcp). 
 <p><br><strong>/usr/local/samba/lib/smb.conf</strong>
 <p><br>This is the default location of the <em>smb.conf</em> server configuration
 file that <strong>swat</strong> edits. Other common places that systems install
-- 
cgit