/usr/local/samba/swat/images/*
/usr/local/samba/swat/help/*
+Running via inetd
+-----------------
+
You then need to edit your /etc/inetd.conf and /etc/services to enable
SWAT to be launched via inetd. Note that SWAT can also be launched via
-the cgi-bin mechanisms of a web server (such as apache) but that is
-not described here and has not been tested recently.
+the cgi-bin mechanisms of a web server (such as apache) and that is
+described below.
In /etc/services you need to add a line like this:
In /etc/inetd.conf you should add a line like this:
-swat stream tcp nowait root /usr/local/samba/bin/swat swat
+swat stream tcp nowait.400 root /usr/local/samba/bin/swat swat
-If you just want to see a demo of ho swat works and don't want to be
+If you just want to see a demo of how swat works and don't want to be
able to actually change any Samba config via swat then you may chose
to change "root" to some other user that does not have permission to
write to smb.conf.
on others you will need to use "kill -1 PID" where PID is the process
ID of the inetd daemon.
+
+Running via cgi-bin
+-------------------
+
+To run SWAT via your web servers cgi-bin capability you need to copy
+the swat binary to your cgi-bin directory. Note that you should run
+SWAT either via inetd or via cgi-bin but not both.
+
+Then you need to create a swat directory in your web servers root
+directory and copy the images/* and help/* files into there so that
+they are visible via the URL http://your.web.server/swat/
+
+Next you need to make sure you modify your web servers authentication
+to require a username/pssword for the URL
+http://your.web.server/cgi-bin/swat. Don't forgt this step! If you do
+forget it then you will be allowing anyone to edit your Samba
+configuration which would allow them to easily gain root access on your
+machine.
+
+After testing the authentication you need to change the ownership and
+permissions on the swat binary. It should be owned by root wth the
+setuid bit set. It should be ONLY executable by the user that the web
+server runs as. Make sure you do this carefully!
+
+for example, the following would be correct if the web server ran as
+group "nobody".
+
+-rws--x--- 1 root nobody
+
+You must also realise that this means that any user who can run
+programs as the "nobody" group can run swat and modify your Samba
+config. Be sure to think about this!
+
+
Launching
---------
To launch SWAT just run your favourite web browser and point it at
-http://localhost:901/
+http://localhost:901/ or http://localhost/cgi-bin/swat/ depending on
+how you installed it.
Note that you can attach to SWAT from any IP connected machine but
connecting from a remote machine leaves your connection open to
password sniffing as passwords will be sent in the clear over the
wire.
-You should be prompted for a username/password when you connect. You
-will need to provide the username "root" and the correct root
-password. More sophisticated authentication options are planned for
-future versions of SWAT.
+If installed via inetd then you should be prompted for a
+username/password when you connect. You will need to provide the
+username "root" and the correct root password. More sophisticated
+authentication options are planned for future versions of SWAT.
+
+If installed via cgi-bin then you should receive whatever
+authentication request you configured in your web server.
Running
-------