summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>1998-11-11 22:22:21 +0000
committerJeremy Allison <jra@samba.org>1998-11-11 22:22:21 +0000
commitcce693135e146c9f4c9243f3dcb5091c46d1fcdb (patch)
tree37d5de92f15ea4f95b7fd0c385d6980b1dea5b5d
parent87f06c973a2d61f8b57c3cd74f1b8f0cd65c4ffb (diff)
downloadsamba-cce693135e146c9f4c9243f3dcb5091c46d1fcdb.tar.gz
Added swat html & manpage.
Jeremy.
-rw-r--r--docs/htmldocs/smbd.8.html12
-rw-r--r--docs/htmldocs/swat.8.html196
-rw-r--r--docs/manpages/smbd.812
-rw-r--r--docs/manpages/swat.8210
4 files changed, 418 insertions, 12 deletions
diff --git a/docs/htmldocs/smbd.8.html b/docs/htmldocs/smbd.8.html
index 132bfa24a1d..cd00af3b276 100644
--- a/docs/htmldocs/smbd.8.html
+++ b/docs/htmldocs/smbd.8.html
@@ -258,20 +258,20 @@ modify the system files.
<p><br>You will probably want to set up the NetBIOS name server <a href="nmbd.8.html"><strong>nmbd</strong></a> at
the same time as <strong>smbd</strong>. To do this refer to the man page for
<a href="nmbd.8.html"><strong>nmbd (8)</strong></a>.
-<p><br>First, ensure that a port is configured in the file /etc/services. The
+<p><br>First, ensure that a port is configured in the file <code>/etc/services</code>. The
well-known port 139 should be used if possible, though any port may be
used.
-<p><br>Ensure that a line similar to the following is in /etc/services:
+<p><br>Ensure that a line similar to the following is in <code>/etc/services</code>:
<p><br><code>netbios-ssn 139/tcp</code>
<p><br>Note for NIS/YP users - you may need to rebuild the NIS service maps
-rather than alter your local /etc/services file.
-<p><br>Next, put a suitable line in the file /etc/inetd.conf (in the unlikely
+rather than alter your local <code>/etc/services file</code>.
+<p><br>Next, put a suitable line in the file <code>/etc/inetd.conf</code> (in the unlikely
event that you are using a meta-daemon other than inetd, you are on
your own). Note that the first item in this line matches the service
-name in /etc/services. Substitute appropriate values for your system
+name in <code>/etc/services</code>. Substitute appropriate values for your system
in this line (see <strong>inetd (8)</strong>):
<p><br><code>netbios-ssn stream tcp nowait root /usr/local/samba/bin/smbd -d1 -l/var/adm/smblogs/log -s/usr/local/samba/lib/smb.conf</code>
-<p><br>(The above should appear in /etc/inetd.conf as a single
+<p><br>(The above should appear in <code>/etc/inetd.conf</code> as a single
line. Depending on your terminal characteristics, it may not appear
that way in this man page. If the above appears as more than one
line, please treat any newlines or indentation as a single space or
diff --git a/docs/htmldocs/swat.8.html b/docs/htmldocs/swat.8.html
new file mode 100644
index 00000000000..4a2eeec3d51
--- /dev/null
+++ b/docs/htmldocs/swat.8.html
@@ -0,0 +1,196 @@
+
+
+
+
+
+<html><head><title>swat</title>
+
+<link rev="made" href="mailto:samba-bugs@samba.anu.edu.au">
+</head>
+<body>
+
+<hr>
+
+<h1>swat</h1>
+<h2>Samba</h2>
+<h2>23 Oct 1998</h2>
+
+
+
+
+<p><br><a name="NAME"></a>
+<h2>NAME</h2>
+ swat - swat - Samba Web Administration Tool
+<p><br><a name="SYNOPSIS"></a>
+<h2>SYNOPSIS</h2>
+
+<p><br><strong>swat</strong> [<a href="swat.8.html#minuss">-s smb config file</a>] [<a href="swat.8.html#minusa">-a</a>]
+<p><br><a name="DESCRIPTION"></a>
+<h2>DESCRIPTION</h2>
+
+<p><br>This program is part of the <strong>Samba</strong> suite.
+<p><br><strong>swat</strong> allows a Samba administrator to configure the complex
+<a href="smb.conf.5.html"><strong>smb.conf</strong></a> file via a Web browser. In
+addition, a swat configuration page has help links to all the
+configurable options in the <a href="smb.conf.5.html"><strong>smb.conf</strong></a> file
+allowing an administrator to easily look up the effects of any change.
+<p><br><strong>swat</strong> can be run as a stand-alone daemon, from <strong>inetd</strong>,
+or invoked via CGI from a Web server.
+<p><br><a name="OPTIONS"></a>
+<h2>OPTIONS</h2>
+
+<p><br><ul>
+<p><br><a name="minuss"></a>
+<li><strong><strong>-s smb configuration file</strong></strong> The default configuration file path is
+determined at compile time.
+<p><br>The file specified contains the configuration details required by the
+<a href="smbd.8.html"><strong>smbd</strong></a> server. This is the file that <strong>swat</strong> will
+modify. The information in this file includes server-specific
+information such as what printcap file to use, as well as descriptions
+of all the services that the server is to provide. See <a href="smb.conf.5.html">smb.conf
+(5)</a> for more information.
+<p><br><a name="minusa"></a>
+<li><strong><strong>-a</strong></strong>
+<p><br>This option is only used if <strong>swat</strong> is running as it's own mini-web
+server (see the <a href="swat.8.html#INSTALLATION"><strong>INSTALLATION</strong></a> section below).
+<p><br>This option removes the need for authentication needed to modify the
+<a href="smb.conf.5.html"><strong>smb.conf</strong></a> file. <em>**THIS IS ONLY MEANT FOR
+DEMOING SWAT AND MUST NOT BE SET IN NORMAL SYSTEMS**</em> as it would
+allow <em>*ANYONE*</em> to modify the <a href="smb.conf.5.html"><strong>smb.conf</strong></a>
+file, thus giving them root access.
+<p><br></ul>
+<p><br><a name="INSTALLATION"></a>
+<h2>INSTALLATION</h2>
+
+<p><br>After you compile SWAT you need to run <code>"make install"</code> to install the
+swat binary and the various help files and images. A default install
+would put these in:
+<p><br><pre>
+
+/usr/local/samba/bin/swat
+/usr/local/samba/swat/images/*
+/usr/local/samba/swat/help/*
+
+</pre>
+
+<p><br><a name="RUNNINGVIAINETD"></a>
+<h2>RUNNING VIA INETD</h2>
+
+<p><br>You need to edit your <code>/etc/inetd.conf</code> and <code>/etc/services</code> to
+enable <strong>SWAT</strong> to be launched via inetd. Note that <strong>swat</strong> can also
+be launched via the cgi-bin mechanisms of a web server (such as
+apache) and that is described below in the section <a href="swat.8.html#RUNNINGVIACGIBIN"><strong>RUNNING VIA
+CGI-BIN</strong></a>.
+<p><br>In <code>/etc/services</code> you need to add a line like this:
+<p><br><code>swat 901/tcp</code>
+<p><br>Note for NIS/YP users - you may need to rebuild the NIS service maps
+rather than alter your local <code>/etc/services</code> file.
+<p><br>the choice of port number isn't really important except that it should
+be less than 1024 and not currently used (using a number above 1024
+presents an obscure security hole depending on the implementation
+details of your <strong>inetd</strong> daemon).
+<p><br>In <code>/etc/inetd.conf</code> you should add a line like this:
+<p><br><code>swat stream tcp nowait.400 root /usr/local/samba/bin/swat swat</code>
+<p><br>If you just want to see a demo of how swat works and don't want to be
+able to actually change any Samba config via swat then you may chose
+to change <code>"root"</code> to some other user that does not have permission
+to write to <a href="smb.conf.5.html"><strong>smb.conf</strong></a>.
+<p><br>One you have edited <code>/etc/services</code> and <code>/etc/inetd.conf</code> you need
+to send a HUP signal to inetd. To do this use <code>"kill -1 PID"</code> where
+PID is the process ID of the inetd daemon.
+<p><br><a name="RUNNINGVIACGIBIN"></a>
+<h2>RUNNING VIA CGI-BIN</h2>
+
+<p><br>To run <strong>swat</strong> via your web servers cgi-bin capability you need to
+copy the <strong>swat</strong> binary to your cgi-bin directory. Note that you
+should run <strong>swat</strong> either via <a href="swat.8.html#RUNNINGVIAINETD"><strong>inetd</strong></a> or via
+cgi-bin but not both.
+<p><br>Then you need to create a <code>swat/</code> directory in your web servers root
+directory and copy the <code>images/*</code> and <code>help/*</code> files found in the
+<code>swat/</code> directory of your Samba source distribution into there so
+that they are visible via the URL <code>http://your.web.server/swat/</code>
+<p><br>Next you need to make sure you modify your web servers authentication
+to require a username/pssword for the URL
+<code>http://your.web.server/cgi-bin/swat</code>. <em>**Don't forget this
+step!**</em> If you do forget it then you will be allowing anyone to edit
+your Samba configuration which would allow them to easily gain root
+access on your machine.
+<p><br>After testing the authentication you need to change the ownership and
+permissions on the <strong>swat</strong> binary. It should be owned by root wth the
+setuid bit set. It should be ONLY executable by the user that the web
+server runs as. Make sure you do this carefully!
+<p><br>for example, the following would be correct if the web server ran as
+group <code>"nobody"</code>.
+<p><br><code>-rws--x--- 1 root nobody </code>
+<p><br>You must also realise that this means that any user who can run
+programs as the <code>"nobody"</code> group can run <strong>swat</strong> and modify your
+Samba config. Be sure to think about this!
+<p><br><a name="LAUNCHING"></a>
+<h2>LAUNCHING</h2>
+
+<p><br>To launch <strong>swat</strong> just run your favourite web browser and point it at
+<code>http://localhost:901/</code> or <code>http://localhost/cgi-bin/swat/</code>
+depending on how you installed it.
+<p><br>Note that you can attach to <strong>swat</strong> from any IP connected machine but
+connecting from a remote machine leaves your connection open to
+password sniffing as passwords will be sent in the clear over the
+wire.
+<p><br>If installed via <strong>inetd</strong> then you should be prompted for a
+username/password when you connect. You will need to provide the
+username <code>"root"</code> and the correct root password. More sophisticated
+authentication options are planned for future versions of <strong>swat</strong>.
+<p><br>If installed via cgi-bin then you should receive whatever
+authentication request you configured in your web server.
+<p><br><h2>FILES</h2>
+
+<p><br><strong>/etc/inetd.conf</strong>
+<p><br>If the server is to be run by the inetd meta-daemon, this file must
+contain suitable startup information for the meta-daemon. See the
+section <a href="swat.8.html#RUNNINGVIAINETD"><strong>RUNNING VIA INETD</strong></a> above.
+<p><br><strong>/etc/services</strong>
+<p><br>If running the server via the meta-daemon inetd, this file must
+contain a mapping of service name (eg., swat) to service port
+(eg., 901) and protocol type (eg., tcp). See the section
+<a href="swat.8.html#RUNNINGVIAINETD"><strong>RUNNING VIA INETD</strong></a> above.
+<p><br><strong>/usr/local/samba/lib/smb.conf</strong>
+<p><br>This is the default location of the <em>smb.conf</em> server configuration
+file that <strong>swat</strong> edits. Other common places that systems install
+this file are <em>/usr/samba/lib/smb.conf</em> and <em>/etc/smb.conf</em>.
+<p><br>This file describes all the services the server is to make available
+to clients. See <strong>smb.conf (5)</strong> for more information.
+<p><br><a name="WARNINGS"></a>
+<h2>WARNINGS</h2>
+
+<p><br><strong>swat</strong> will rewrite your <a href="smb.conf.5.html"><strong>smb.conf</strong></a> file. It
+will rearrange the entries and delete all comments,
+<a href="smb.conf.5.html#include"><strong>"include="</strong></a> and
+<a href="smb.conf.5.html#copy"><strong>"copy="</strong></a> options. If you have a
+carefully crafted <a href="smb.conf.5.html"><strong>smb.conf</strong></a> then back it up
+or don't use <strong>swat</strong>!
+<p><br><a name="VERSION"></a>
+<h2>VERSION</h2>
+
+<p><br>This man page is correct for version 2.0 of the Samba suite.
+<p><br><a name="SEEALSO"></a>
+<h2>SEE ALSO</h2>
+
+<p><br><strong>inetd (8)</strong>, <a href="nmbd.8.html"><strong>nmbd (8)</strong></a>,
+<a href="smb.conf.5.html"><strong>smb.conf (5)</strong></a>.
+<p><br><a name="AUTHOR"></a>
+<h2>AUTHOR</h2>
+
+<p><br>The original Samba software and related utilities were created by
+Andrew Tridgell (samba-bugs@samba.anu.edu.au). Samba is now developed
+by the Samba Team as an Open Source project similar to the way the
+Linux kernel is developed.
+<p><br>The original Samba man pages were written by Karl Auer. The man page
+sources were converted to YODL format (another excellent piece of Open
+Source software, available at
+<a href="ftp://ftp.icce.rug.nl/pub/unix/"><strong>ftp://ftp.icce.rug.nl/pub/unix/</strong></a>)
+and updated for the Samba2.0 release by Jeremy Allison.
+<a href="mailto:samba-bugs@samba.anu.edu.au"><em>samba-bugs@samba.anu.edu.au</em></a>.
+<p><br>See <a href="samba.7.html"><strong>samba (7)</strong></a> to find out how to get a full
+list of contributors and details on how to submit bug reports,
+comments etc.
+</body>
+</html>
diff --git a/docs/manpages/smbd.8 b/docs/manpages/smbd.8
index 15d3e582db7..c389b8ecd2b 100644
--- a/docs/manpages/smbd.8
+++ b/docs/manpages/smbd.8
@@ -292,26 +292,26 @@ You will probably want to set up the NetBIOS name server \fBnmbd\fP at
the same time as \fBsmbd\fP\&. To do this refer to the man page for
\fBnmbd (8)\fP\&.
.PP
-First, ensure that a port is configured in the file /etc/services\&. The
+First, ensure that a port is configured in the file \f(CW/etc/services\fP\&. The
well-known port 139 should be used if possible, though any port may be
used\&.
.PP
-Ensure that a line similar to the following is in /etc/services:
+Ensure that a line similar to the following is in \f(CW/etc/services\fP:
.PP
\f(CWnetbios-ssn 139/tcp\fP
.PP
Note for NIS/YP users - you may need to rebuild the NIS service maps
-rather than alter your local /etc/services file\&.
+rather than alter your local \f(CW/etc/services file\fP\&.
.PP
-Next, put a suitable line in the file /etc/inetd\&.conf (in the unlikely
+Next, put a suitable line in the file \f(CW/etc/inetd\&.conf\fP (in the unlikely
event that you are using a meta-daemon other than inetd, you are on
your own)\&. Note that the first item in this line matches the service
-name in /etc/services\&. Substitute appropriate values for your system
+name in \f(CW/etc/services\fP\&. Substitute appropriate values for your system
in this line (see \fBinetd (8)\fP):
.PP
\f(CWnetbios-ssn stream tcp nowait root /usr/local/samba/bin/smbd -d1 -l/var/adm/smblogs/log -s/usr/local/samba/lib/smb\&.conf\fP
.PP
-(The above should appear in /etc/inetd\&.conf as a single
+(The above should appear in \f(CW/etc/inetd\&.conf\fP as a single
line\&. Depending on your terminal characteristics, it may not appear
that way in this man page\&. If the above appears as more than one
line, please treat any newlines or indentation as a single space or
diff --git a/docs/manpages/swat.8 b/docs/manpages/swat.8
new file mode 100644
index 00000000000..36b4de140a1
--- /dev/null
+++ b/docs/manpages/swat.8
@@ -0,0 +1,210 @@
+.TH "swat" "8" "23 Oct 1998" "Samba" "SAMBA"
+.PP
+.SH "NAME"
+swat \- swat - Samba Web Administration Tool
+.PP
+.SH "SYNOPSIS"
+.PP
+\fBswat\fP [-s smb config file] [-a]
+.PP
+.SH "DESCRIPTION"
+.PP
+This program is part of the \fBSamba\fP suite\&.
+.PP
+\fBswat\fP allows a Samba administrator to configure the complex
+\fBsmb\&.conf\fP file via a Web browser\&. In
+addition, a swat configuration page has help links to all the
+configurable options in the \fBsmb\&.conf\fP file
+allowing an administrator to easily look up the effects of any change\&.
+.PP
+\fBswat\fP can be run as a stand-alone daemon, from \fBinetd\fP,
+or invoked via CGI from a Web server\&.
+.PP
+.SH "OPTIONS"
+.PP
+.IP
+.IP "\fB-s smb configuration file\fP"
+The default configuration file path is
+determined at compile time\&.
+.IP
+The file specified contains the configuration details required by the
+\fBsmbd\fP server\&. This is the file that \fBswat\fP will
+modify\&. The information in this file includes server-specific
+information such as what printcap file to use, as well as descriptions
+of all the services that the server is to provide\&. See smb\&.conf
+(5) for more information\&.
+.IP
+.IP "\fB-a\fP"
+.IP
+This option is only used if \fBswat\fP is running as it\'s own mini-web
+server (see the \fBINSTALLATION\fP section below)\&.
+.IP
+This option removes the need for authentication needed to modify the
+\fBsmb\&.conf\fP file\&. \fI**THIS IS ONLY MEANT FOR
+DEMOING SWAT AND MUST NOT BE SET IN NORMAL SYSTEMS**\fP as it would
+allow \fI*ANYONE*\fP to modify the \fBsmb\&.conf\fP
+file, thus giving them root access\&.
+.IP
+.PP
+.SH "INSTALLATION"
+.PP
+After you compile SWAT you need to run \f(CW"make install"\fP to install the
+swat binary and the various help files and images\&. A default install
+would put these in:
+.PP
+
+.DS
+
+
+/usr/local/samba/bin/swat
+/usr/local/samba/swat/images/*
+/usr/local/samba/swat/help/*
+
+.DE
+
+
+.PP
+.SH "RUNNING VIA INETD"
+.PP
+You need to edit your \f(CW/etc/inetd\&.conf\fP and \f(CW/etc/services\fP to
+enable \fBSWAT\fP to be launched via inetd\&. Note that \fBswat\fP can also
+be launched via the cgi-bin mechanisms of a web server (such as
+apache) and that is described below in the section \fBRUNNING VIA
+CGI-BIN\fP\&.
+.PP
+In \f(CW/etc/services\fP you need to add a line like this:
+.PP
+\f(CWswat 901/tcp\fP
+.PP
+Note for NIS/YP users - you may need to rebuild the NIS service maps
+rather than alter your local \f(CW/etc/services\fP file\&.
+.PP
+the choice of port number isn\'t really important except that it should
+be less than 1024 and not currently used (using a number above 1024
+presents an obscure security hole depending on the implementation
+details of your \fBinetd\fP daemon)\&.
+.PP
+In \f(CW/etc/inetd\&.conf\fP you should add a line like this:
+.PP
+\f(CWswat stream tcp nowait\&.400 root /usr/local/samba/bin/swat swat\fP
+.PP
+If you just want to see a demo of how swat works and don\'t want to be
+able to actually change any Samba config via swat then you may chose
+to change \f(CW"root"\fP to some other user that does not have permission
+to write to \fBsmb\&.conf\fP\&.
+.PP
+One you have edited \f(CW/etc/services\fP and \f(CW/etc/inetd\&.conf\fP you need
+to send a HUP signal to inetd\&. To do this use \f(CW"kill -1 PID"\fP where
+PID is the process ID of the inetd daemon\&.
+.PP
+.SH "RUNNING VIA CGI-BIN"
+.PP
+To run \fBswat\fP via your web servers cgi-bin capability you need to
+copy the \fBswat\fP binary to your cgi-bin directory\&. Note that you
+should run \fBswat\fP either via \fBinetd\fP or via
+cgi-bin but not both\&.
+.PP
+Then you need to create a \f(CWswat/\fP directory in your web servers root
+directory and copy the \f(CWimages/*\fP and \f(CWhelp/*\fP files found in the
+\f(CWswat/\fP directory of your Samba source distribution into there so
+that they are visible via the URL \f(CWhttp://your\&.web\&.server/swat/\fP
+.PP
+Next you need to make sure you modify your web servers authentication
+to require a username/pssword for the URL
+\f(CWhttp://your\&.web\&.server/cgi-bin/swat\fP\&. \fI**Don\'t forget this
+step!**\fP If you do forget it then you will be allowing anyone to edit
+your Samba configuration which would allow them to easily gain root
+access on your machine\&.
+.PP
+After testing the authentication you need to change the ownership and
+permissions on the \fBswat\fP binary\&. It should be owned by root wth the
+setuid bit set\&. It should be ONLY executable by the user that the web
+server runs as\&. Make sure you do this carefully!
+.PP
+for example, the following would be correct if the web server ran as
+group \f(CW"nobody"\fP\&.
+.PP
+\f(CW-rws--x--- 1 root nobody \fP
+.PP
+You must also realise that this means that any user who can run
+programs as the \f(CW"nobody"\fP group can run \fBswat\fP and modify your
+Samba config\&. Be sure to think about this!
+.PP
+.SH "LAUNCHING"
+.PP
+To launch \fBswat\fP just run your favourite web browser and point it at
+\f(CWhttp://localhost:901/\fP or \f(CWhttp://localhost/cgi-bin/swat/\fP
+depending on how you installed it\&.
+.PP
+Note that you can attach to \fBswat\fP from any IP connected machine but
+connecting from a remote machine leaves your connection open to
+password sniffing as passwords will be sent in the clear over the
+wire\&.
+.PP
+If installed via \fBinetd\fP then you should be prompted for a
+username/password when you connect\&. You will need to provide the
+username \f(CW"root"\fP and the correct root password\&. More sophisticated
+authentication options are planned for future versions of \fBswat\fP\&.
+.PP
+If installed via cgi-bin then you should receive whatever
+authentication request you configured in your web server\&.
+.PP
+.SH "FILES"
+.PP
+\fB/etc/inetd\&.conf\fP
+.PP
+If the server is to be run by the inetd meta-daemon, this file must
+contain suitable startup information for the meta-daemon\&. See the
+section \fBRUNNING VIA INETD\fP above\&.
+.PP
+\fB/etc/services\fP
+.PP
+If running the server via the meta-daemon inetd, this file must
+contain a mapping of service name (eg\&., swat) to service port
+(eg\&., 901) and protocol type (eg\&., tcp)\&. See the section
+\fBRUNNING VIA INETD\fP above\&.
+.PP
+\fB/usr/local/samba/lib/smb\&.conf\fP
+.PP
+This is the default location of the \fIsmb\&.conf\fP server configuration
+file that \fBswat\fP edits\&. Other common places that systems install
+this file are \fI/usr/samba/lib/smb\&.conf\fP and \fI/etc/smb\&.conf\fP\&.
+.PP
+This file describes all the services the server is to make available
+to clients\&. See \fBsmb\&.conf (5)\fP for more information\&.
+.PP
+.SH "WARNINGS"
+.PP
+\fBswat\fP will rewrite your \fBsmb\&.conf\fP file\&. It
+will rearrange the entries and delete all comments,
+\fB"include="\fP and
+\fB"copy="\fP options\&. If you have a
+carefully crafted \fBsmb\&.conf\fP then back it up
+or don\'t use \fBswat\fP!
+.PP
+.SH "VERSION"
+.PP
+This man page is correct for version 2\&.0 of the Samba suite\&.
+.PP
+.SH "SEE ALSO"
+.PP
+\fBinetd (8)\fP, \fBnmbd (8)\fP,
+\fBsmb\&.conf (5)\fP\&.
+.PP
+.SH "AUTHOR"
+.PP
+The original Samba software and related utilities were created by
+Andrew Tridgell (samba-bugs@samba\&.anu\&.edu\&.au)\&. Samba is now developed
+by the Samba Team as an Open Source project similar to the way the
+Linux kernel is developed\&.
+.PP
+The original Samba man pages were written by Karl Auer\&. The man page
+sources were converted to YODL format (another excellent piece of Open
+Source software, available at
+\fBftp://ftp\&.icce\&.rug\&.nl/pub/unix/\fP)
+and updated for the Samba2\&.0 release by Jeremy Allison\&.
+\fIsamba-bugs@samba\&.anu\&.edu\&.au\fP\&.
+.PP
+See \fBsamba (7)\fP to find out how to get a full
+list of contributors and details on how to submit bug reports,
+comments etc\&.