configurable options in the url(bf(smb.conf))(smb.conf.5.html) file
allowing an administrator to easily look up the effects of any change.
-bf(swat) can be run as a stand-alone daemon, from bf(inetd),
-or invoked via CGI from a Web server.
+bf(swat) is run from bf(inetd)
label(OPTIONS)
manpageoptions()
label(minusa)
dit(bf(-a))
-This option is only used if bf(swat) is running as it's own mini-web
-server (see the link(bf(INSTALLATION))(INSTALLATION) section below).
+This option disables authentication and puts bf(swat) in demo mode. In
+that mode anyone will be able to modify the
+url(bf(smb.conf))(smb.conf.5.html) file.
-This option removes the need for authentication needed to modify the
-url(bf(smb.conf))(smb.conf.5.html) file. em(**THIS IS ONLY MEANT FOR
-DEMOING SWAT AND MUST NOT BE SET IN NORMAL SYSTEMS**) as it would
-allow em(*ANYONE*) to modify the url(bf(smb.conf))(smb.conf.5.html)
-file, thus giving them root access.
+Do NOT enable this option on a production server.
endit()
/usr/local/samba/swat/help/*
)
-label(RUNNINGVIAINETD)
-manpagesection(RUNNING VIA INETD)
+label(INETD)
+manpagesection(INETD INSTALLATION)
You need to edit your tt(/etc/inetd.conf) and tt(/etc/services) to
-enable bf(SWAT) to be launched via inetd. Note that bf(swat) can also
-be launched via the cgi-bin mechanisms of a web server (such as
-apache) and that is described below in the section link(bf(RUNNING VIA
-CGI-BIN))(RUNNINGVIACGIBIN).
+enable bf(SWAT) to be launched via inetd.
In tt(/etc/services) you need to add a line like this:
tt(swat stream tcp nowait.400 root /usr/local/samba/bin/swat swat)
-If you just want to see a demo of how swat works and don't want to be
-able to actually change any Samba config via swat then you may chose
-to change tt("root") to some other user that does not have permission
-to write to url(bf(smb.conf))(smb.conf.5.html).
-
One you have edited tt(/etc/services) and tt(/etc/inetd.conf) you need
to send a HUP signal to inetd. To do this use tt("kill -1 PID") where
PID is the process ID of the inetd daemon.
-label(RUNNINGVIACGIBIN)
-manpagesection(RUNNING VIA CGI-BIN)
-
-To run bf(swat) via your web servers cgi-bin capability you need to
-copy the bf(swat) binary to your cgi-bin directory. Note that you
-should run bf(swat) either via link(bf(inetd))(RUNNINGVIAINETD) or via
-cgi-bin but not both.
-
-Then you need to create a tt(swat/) directory in your web servers root
-directory and copy the tt(images/*) and tt(help/*) files found in the
-tt(swat/) directory of your Samba source distribution into there so
-that they are visible via the URL tt(http://your.web.server/swat/)
-
-Next you need to make sure you modify your web servers authentication
-to require a username/pssword for the URL
-tt(http://your.web.server/cgi-bin/swat). em(**Don't forget this
-step!**) If you do forget it then you will be allowing anyone to edit
-your Samba configuration which would allow them to easily gain root
-access on your machine.
-
-After testing the authentication you need to change the ownership and
-permissions on the bf(swat) binary. It should be owned by root with the
-setuid bit set. It should be ONLY executable by the user that the web
-server runs as. Make sure you do this carefully!
-
-for example, the following would be correct if the web server ran as
-group tt("nobody").
-
-tt(-rws--x--- 1 root nobody )
-
-You must also realize that this means that any user who can run
-programs as the tt("nobody") group can run bf(swat) and modify your
-Samba config. Be sure to think about this!
-
label(LAUNCHING)
manpagesection(LAUNCHING)
To launch bf(swat) just run your favorite web browser and point it at
-tt(http://localhost:901/) or tt(http://localhost/cgi-bin/swat/)
-depending on how you installed it.
+tt(http://localhost:901/).
-Note that you can attach to bf(swat) from any IP connected machine but
+bf(Note that you can attach to bf(swat) from any IP connected machine but
connecting from a remote machine leaves your connection open to
password sniffing as passwords will be sent in the clear over the
-wire.
-
-If installed via bf(inetd) then you should be prompted for a
-username/password when you connect. You will need to provide the
-username tt("root") and the correct root password. More sophisticated
-authentication options are planned for future versions of bf(swat).
-
-If installed via cgi-bin then you should receive whatever
-authentication request you configured in your web server.
+wire.)
manpagefiles()
bf(/etc/inetd.conf)
-If the server is to be run by the inetd meta-daemon, this file must
-contain suitable startup information for the meta-daemon. See the
-section link(bf(RUNNING VIA INETD))(RUNNINGVIAINETD) above.
+This file must contain suitable startup information for the
+meta-daemon.
bf(/etc/services)
-If running the server via the meta-daemon inetd, this file must
-contain a mapping of service name (e.g., swat) to service port
-(e.g., 901) and protocol type (e.g., tcp). See the section
-link(bf(RUNNING VIA INETD))(RUNNINGVIAINETD) above.
+This file must contain a mapping of service name (e.g., swat) to
+service port (e.g., 901) and protocol type (e.g., tcp).
bf(/usr/local/samba/lib/smb.conf)
git.samba.org / bbaumbach / samba-autobuild / .git / commitdiff