Er is ook een nederlandse versie van dit document.
Swat is a part of the Samba suite.
It's a small webserver which is intended to let you ;
But hey, I'm a slacker! Why would I need a GUI tool just to manage SAMBA
True....
swat:
From the manpage
SWAT(8) SWAT(8)
NAME
swat - Samba Web Administration Tool
SYNOPSIS
swat [ -s
|
Swat is started by the inetd daemon.
That way Swat is only started when there is a need for it.
To be fair, this really is a RTFM topic. Everything which is about to follow comes straight out off the manpage. Just watch:
(It is possible that most off the work has been done while installing your distro (this is the case with slack (what do mean by "unfriendly distro"))) :D
To configure your system for Swat 2 files need to be altered:
/etc/services:
From the services manpage
SERVICES(5) Linux Programmer's Manual SERVICES(5)
NAME
services - Internet network services list
DESCRIPTION
services is a plain ASCII file providing a mapping between
friendly textual names for internet services, and their
underlying assigned port numbers and protocol types. Every
networking program should look into this file to get the
port number (and protocol) for its service. The C library
routines getservent(3), getservbyname(3), getservby-
port(3), setservent(3), and endservent(3) support querying
this file from programs.
|
In /etc/services a line must be added for swat.
From the swat manpage
In /etc/services you need to add a line like this:
swat 901/tcp
|
In my case (slackware, which allready had that line) it looks like this:
accessbuilder 888/udp
swat 901/tcp # samba web configuration tool
ftps-data 989/tcp # ftp protocol, data, over TLS/SSL
|
The lines about accesbuilder and ftps-dat have nothing to do with swat offcourse. I left them in to give the swat line a proper placing. But it really doesn't make any difference where you place that line in /etc/services.
/etc/inetd.conf
From the inetd manpage
Upon execution, inetd reads its configuration information from a configu-
ration file which, by default, is /etc/inetd.conf. There must be an
entry for each field of the configuration file, with entries for each
field separated by a tab or a space. Comments are denoted by a ``#'' at
the beginning of a line. There must be an entry for each field. The
fields of the configuration file are as follows:
service name
socket type
protocol
wait/nowait[.max]
user[.group] or user[:group]
server program
server program arguments
|
The swat manpage litterly gives us the line which needs to be added to /etc/inetd.conf:
In /etc/inetd.conf you should add a line like this:
swat stream tcp nowait.400 root /usr/local/samba/bin/swat
swat
|
But there is a little catch.
The last mention off swat is on his own line, while this really should be an option to the swat command. De line should really be:
swat stream tcp nowait.400 root /usr/local/samba/bin/swat swat
|
Check if the command "/usr/local/samba/bin/swat: is correct for you setup. It's quite possible that the swat executable is in a different location on your system.
You can make this check with the command (as root) `which swat`.
root@bilbo:/home/bilbo# which swat
/usr/sbin/swat
root@bilbo:/home/bilbo#
|
If I would leave /etc/inet.conf as it is, swat will not work on my system (as a matter off fact I allready had the correct line in /etc/inetd.conf).
#Samba Web Administration Tool:
#swat stream tcp nowait.400 root /usr/sbin/swat swat
|
I'll only have to remove the "#" character to get the inetd configuration right.
And the swat manpage contineus with:
One you have edited /etc/services and /etc/inetd.conf you
need to send a HUP signal to inetd. To do this use kill -1
PID where PID is the process ID of the inetd daemon.
|
Restarting services is allso covered in "Een stukje process management" (just in dutch at the moment, sorry).
After restarting inetd, swat will start if the is a request on port 901.
The swat manpage contineus with:
LAUNCHING
To launch SWAT just run your favorite web browser and
point it at "http://localhost:901/".
Note that you can attach to SWAT from any IP connected
machine but connecting from a remote machine leaves your
connection open to password sniffing as passwords will be
sent in the clear over the wire.
|
In other words; you browse to you rown machine on port 901. You will be welcomed by Swat's login screen.
You did read the above mentioned "Note" didn't you
Tttttthats all folks, did you see, it's all in the manpages :D
[deleted]Xinetd users (ie RedHat) will have to configure xinetd in stead off inetd. If I get around to it I'll make an appendix for it (got that item somewhere in an IBM book).[/deleted]
[loose thought]What is open source beautifull :D[/loose thought]
Xinetd users (ie in use by Redhat) will have to configure xinetd. See for this purpose Apendix A (that is below :D)
I've noticed that Swat will follow the security rules in smb.conf with regards to "hosts allow" and "hosts deny". If you restrict Samba to your local net (ie hosts allow = 192.168.0.0/255.255.255.0) which is a wise thing to do, swat to will only work on your local net.
The xinetd way off doing things is a little bit different. Inetd will have all off Swat't options on one line. With xinetd Swat gets its own section. Often a section is sourced from separate files (or is that just RedHat?). Anyway.... this is what I got from scdgro
# default: off
# description: SWAT is the Samba Web Admin Tool. Use swat \
# to configure your Samba server. To use SWAT, \
# connect to port 901 with your favorite web browser.
service swat
{
port = 901
socket_type = stream
wait = no
only_from = 127.0.0.1
user = root
server = /usr/local/samba/bin/swat
log_on_failure += USERID
disable = no
}
|
The options resemble those of inetd a lot, I think they are quite self explainatory.
Add this to your /etc/xinetd.conf or put it as a file in (at least with RedHat) the directorie /etc/xinetd.d from where the file will be sourced. The exact location may be different in different distro's, but the location must be mentioned in /etc/xinetd.conf
The daemon xinetd requires a restart just as inetd does.
Signing off, love and kisses....
(Laurie Anderson)