mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
.. | ||
help | ||
images | ||
README |
This is a brief description of how to install and use the Samba Web Administration Tool on your machine. Please note that SWAT is still being developed so you should not expect it to be bug free. You should only install and use it if you want to either get a preview of what we are doing with SWAT or you want to help in the development of SWAT. Installation ------------ After you compile SWAT you need to run "make install" to install the swat binary and the various help files and images. A default install would put these in: /usr/local/samba/bin/swat /usr/local/samba/swat/images/* /usr/local/samba/swat/help/* Running via inetd ----------------- You then need to edit your /etc/inetd.conf and /etc/services to enable SWAT to be launched via inetd. Note that SWAT can also be launched via the cgi-bin mechanisms of a web server (such as apache) and that is described below. In /etc/services you need to add a line like this: swat 901/tcp the choice of port number isn't really important except that it should be less than 1024 and not currently used (using a number above 1024 presents an obscure security hole depending on the implementation details of your inetd daemon). In /etc/inetd.conf you should add a line like this: swat stream tcp nowait root /usr/local/samba/bin/swat swat If you just want to see a demo of ho swat works and don't want to be able to actually change any Samba config via swat then you may chose to change "root" to some other user that does not have permission to write to smb.conf. One you have edited /etc/services and /etc/inetd.conf you need to send a HUP signal to inetd. On many systems "killall -1 inetd" will do this on others you will need to use "kill -1 PID" where PID is the process ID of the inetd daemon. Running via cgi-bin ------------------- To run SWAT via your web servers cgi-bin capability you need to copy the swat binary to your cgi-bin directory. Note that you should run SWAT either via inetd or via cgi-bin but not both. Then you need to create a swat directory in your web servers root directory and copy the images/* and help/* files into there so that they are visible via the URL http://your.web.server/swat/ Next you need to make sure you modify your web servers authentication to require a username/pssword for the URL http://your.web.server/cgi-bin/swat. Don't forgt this step! If you do forget it then you will be allowing anyone to edit your Samba configuration which would allow them to easily gain root access on your machine. After testing the authentication you need to change the ownership and permissions on the swat binary. It should be owned by root wth the setuid bit set. It should be ONLY executable by the user that the web server runs as. Make sure you do this carefully! for example, the following would be correct if the web server ran as group "nobody". -rws--x--- 1 root nobody You must also realise that this means that any user who can run programs as the "nobody" group can run swat and modify your Samba config. Be sure to think about this! Launching --------- To launch SWAT just run your favourite web browser and point it at http://localhost:901/ or http://localhost/cgi-bin/swat/ depending on how you installed it. Note that you can attach to SWAT from any IP connected machine but connecting from a remote machine leaves your connection open to password sniffing as passwords will be sent in the clear over the wire. If installed via inetd then you should be prompted for a username/password when you connect. You will need to provide the username "root" and the correct root password. More sophisticated authentication options are planned for future versions of SWAT. If installed via cgi-bin then you should receive whatever authentication request you configured in your web server. Running ------- Just follow your nose! If you can't work out how to use it then maybe you should use "vi smb.conf" instead. WARNINGS -------- SWAT will rewrite your smb.conf file. It will rearrange the entries and delete all comments, include= and copy= options. If you have a carefully crafted smb.conf then back it up or don't use SWAT! Development ----------- Please join the samba-technical mailing list if you want to discuss the development of SWAT. Note that this list is for technical developer discussions and is not a general help list.