Section 2.4. Enabling the Samba Web Administration Tool (SWAT)

2.4. Enabling the Samba Web Administration Tool (SWAT)

The Samba Web Administration Tool (SWAT) provides a forms-based editor in your web browser for creating and modifying Samba's configuration file. It runs as a daemon under inetd or xinetd. For SWAT to work, entries must be added for it in the /etc/services and /etc/inetd.conf (or /etc/xinetd.d/swat) configuration files. To add the entries, follow these three steps:

1. Check your /etc/services file, and add the following line to the end if a line like it does not already appear.

    swat   901/tcp 

   
   

2. If an entry exists and has assigned port 901 to a service other than SWAT, you can select any unused port. However, you will need to adapt any references to port 901 in our examples to your local configuration.

3. Make sure that an inetd-style daemon is running. inetd and xinetd are "Internet super daemons" that handle starting daemons on demand, instead of letting them sit around in memory consuming system resources. Most Unix systems use inetd, but some utilize the more secure xinetd service. Most Linux distribution now use xinetd by default. You can use the ps command to see which of the two your system is running.

For inetd, add a line to the /etc/inetd.conf file. (Check your inetd.conf manual page to see the exact format of the inetd.conf file whether it differs from the following example.) Don't forget to change the path to the SWAT binary if you installed it in a different location from the default /usr/local/samba:

 swat   stream  tcp  nowait  root  /usr/local/samba/sbin/swat  swat 

Then force inetd to reread its configuration file by sending it a SIGHUP (hangup) signal:

 $ kill -HUP -a inetd 

Notice that we are using a version of the kill command that supports the -a option, so as to allow us to specify the process by name. On FreeBSD and Linux (but not Solaris), you can use the killall command as follows:

 $ killall -HUP inetd 

On Solaris up to and including Solaris 9, use the pkill command.

 $ pkill -HUP inetd 

On Solaris 10 and later, inetd is not used, but there is an automatic conversion program. Enter the configureation details into inetd.conf and then run the following command.

 $ inetconv 

If you are not running one of the previously mentioned operating systems and your version of kill doesn't have the -a option, you will need to use the ps command to find the process ID and then supply that to kill:

 $ ps ax | grep inetd   780 ?        S      0:00 inetd  1981 pts/4    S      0:00 grep inetd $ kill -HUP 780 

If your system is using xinetd , add a file named swat in your /etc/xinetd.d directory and make sure it is readable by the account used to run the xinetd metadaemon (usually root). The file should contain the following:

 # description: swat is the Samba Web Administration Tool, which #       allows an administrator to configure Samba using a web #       browser interface, with the URL http://localhost:901 service swat {         socket_type             = stream         wait                    = no         protocol                = tcp         only_from               = localhost         user                    = root         log_on_failure          += USERID         server                  = /usr/local/samba/sbin/swat         port                    = 901         disable                 = no } 

Then xinetd needs to be sent a signal^[*] to make it reread its configuration files:

^[*] Depending on the version of xinetd you have and how it was compiled, you might need to send a USR1 or some other signal rather than the HUP signal. Check the manual page for xinetd_ (8) on your system for details.

 $ kill -HUP -a xinetd 

SWAT has its advantages and its disadvantages. On the plus side:

• SWAT prevents typos in parameter names by writing smb.conf based on your input.

• SWAT makes it easy to determine the default value for parameters.

• Samba's Online documentation is linked from SWAT's front page.

• Online help for each parameter is linked beside each input field.

On the minus side:

• To utilize SWAT's full functionality, you must log in as the root user. This is the reason why SWAT is usually restricted by administrators to run over the loopback interface rather than remotely across a network.

• SWAT supports only HTTP (no HTTPS), allowing snoopers to see what you are doing. It is possible to use a tool such as Stunnel (http://www.stunnel.org) to add secure communication outside of SWAT.

• SWAT strips out all comments and rewrites smb.conf upon committing changes to disk. This is a problem only if you swap back and forth between editing the file in an external editor and editing smb.conf in SWAT.

That's pretty much it for the installation. Before starting Samba, however, you need to create a configuration file for it.