Name
swat — Samba Web Administration Tool
Synopsis
swat [-s <smb config file>] [-a] [-P]
DESCRIPTION
This tool is part of the samba(7) suite.
swat allows a Samba administrator to
configure the complex smb.conf(5) file via a Web browser. In addition,
a swat configuration page has help links
to all the configurable options in the smb.conf file allowing an
administrator to easily look up the effects of any change.
swat is run from inetd
OPTIONS
- -s smb configuration file
The default configuration file path is
determined at compile time. The file specified contains
the configuration details required by the smbd(8) server. This is the file
that swat will modify.
The information in this file includes server-specific
information such as what printcap file to use, as well as
descriptions of all the services that the server is to provide.
See smb.conf for more information.
- -a
This option disables authentication and puts
swat in demo mode. In that mode anyone will be able to modify
the smb.conf file.
WARNING: Do NOT enable this option on a production
server.
- -P
This option restricts read-only users to the password
management page. swat can then be used to change
user passwords without users seeing the "View" and "Status" menu
buttons.
- -V
Prints the program version number.
- -s <configuration file>
The file specified contains the
configuration details required by the server. The
information in this file includes server-specific
information such as what printcap file to use, as well
as descriptions of all the services that the server is
to provide. See smb.conf for more information.
The default configuration file name is determined at
compile time.
- -d|--debuglevel=level
level is an integer
from 0 to 10. The default value if this parameter is
not specified is zero.
The higher this value, the more detail will be
logged to the log files about the activities of the
server. At level 0, only critical errors and serious
warnings will be logged. Level 1 is a reasonable level for
day-to-day running - it generates a small amount of
information about operations carried out.
Levels above 1 will generate considerable
amounts of log data, and should only be used when
investigating a problem. Levels above 3 are designed for
use only by developers and generate HUGE amounts of log
data, most of which is extremely cryptic.
Note that specifying this parameter here will
override the parameter
in the smb.conf file.
- -l|--logfile=logdirectory
Base directory name for log/debug files. The extension
".progname" will be appended (e.g. log.smbclient,
log.smbd, etc...). The log file is never removed by the client.
- -h|--help
Print a summary of command line options.
INSTALLATION
Swat is included as binary package with most distributions. The
package manager in this case takes care of the installation and
configuration. This section is only for those who have compiled
swat from scratch.
After you compile SWAT you need to run make install
to install the swat binary
and the various help files and images. A default install would put
these in:
/usr/local/samba/sbin/swat
/usr/local/samba/swat/images/*
/usr/local/samba/swat/help/*
Inetd Installation
You need to edit your /etc/inetd.conf
and /etc/services
to enable SWAT to be launched via inetd.
In /etc/services you need to
add a line like this:
swat 901/tcp
Note for NIS/YP and LDAP users - you may need to rebuild the
NIS service maps rather than alter your local
/etc/services file.
the choice of port number isn't really important
except that it should be less than 1024 and not currently
used (using a number above 1024 presents an obscure security
hole depending on the implementation details of your
inetd daemon).
In /etc/inetd.conf you should
add a line like this:
swat stream tcp nowait.400 root
/usr/local/samba/sbin/swat swat
Once you have edited /etc/services
and /etc/inetd.conf you need to send a
HUP signal to inetd. To do this use kill -1 PID
where PID is the process ID of the inetd daemon.
LAUNCHING
To launch SWAT just run your favorite web browser and
point it at "http://localhost:901/".
Note that you can attach to SWAT from any IP connected
machine but connecting from a remote machine leaves your
connection open to password sniffing as passwords will be sent
in the clear over the wire.
FILES
/etc/inetd.confThis file must contain suitable startup
information for the meta-daemon.
/etc/servicesThis file must contain a mapping of service name
(e.g., swat) to service port (e.g., 901) and protocol type
(e.g., tcp).
/usr/local/samba/lib/smb.confThis is the default location of the smb.conf(5) server configuration file that swat edits. Other
common places that systems install this file are
/usr/samba/lib/smb.conf and /etc/smb.conf
. This file describes all the services the server
is to make available to clients.
WARNINGS
swat will rewrite your smb.conf(5) file. It will rearrange the entries and delete all
comments, include= and copy=
options. If you have a carefully crafted
smb.conf then back it up or don't use swat!
VERSION
This man page is correct for version 3.0 of the Samba suite.
AUTHOR
The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.
The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at
ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for
Samba 3.0 was done by Alexander Bokovoy.