diff options
author | Gerald Carter <jerry@samba.org> | 2001-10-10 17:19:10 +0000 |
---|---|---|
committer | Gerald Carter <jerry@samba.org> | 2001-10-10 17:19:10 +0000 |
commit | c76bf8ed3275e217d1b691879153fe9137bcbe38 (patch) | |
tree | c45103ab10b0455e61766cf52bac0cdea5c0afca /docs/htmldocs/smbd.8.html | |
parent | 96c9df577bcffeec1b7d516a5431e54e679bd6b4 (diff) | |
download | samba-c76bf8ed3275e217d1b691879153fe9137bcbe38.tar.gz samba-c76bf8ed3275e217d1b691879153fe9137bcbe38.tar.xz samba-c76bf8ed3275e217d1b691879153fe9137bcbe38.zip |
mega-merge from 2.2
Diffstat (limited to 'docs/htmldocs/smbd.8.html')
-rw-r--r-- | docs/htmldocs/smbd.8.html | 193 |
1 files changed, 152 insertions, 41 deletions
diff --git a/docs/htmldocs/smbd.8.html b/docs/htmldocs/smbd.8.html index 35520b05afc..be82ef6d4ec 100644 --- a/docs/htmldocs/smbd.8.html +++ b/docs/htmldocs/smbd.8.html @@ -98,12 +98,15 @@ CLASS="FILENAME" can force a reload by sending a SIGHUP to the server. Reloading the configuration file will not affect connections to any service that is already established. Either the user will have to - disconnect from the service, or smbd killed and restarted.</P + disconnect from the service, or <B +CLASS="COMMAND" +>smbd</B +> killed and restarted.</P ></DIV ><DIV CLASS="REFSECT1" ><A -NAME="AEN35" +NAME="AEN36" ></A ><H2 >OPTIONS</H2 @@ -120,9 +123,12 @@ CLASS="VARIABLELIST" the server to operate as a daemon. That is, it detaches itself and runs in the background, fielding requests on the appropriate port. Operating the server as a - daemon is the recommended way of running smbd for + daemon is the recommended way of running <B +CLASS="COMMAND" +>smbd</B +> for servers that provide more than casual use file and - print services. This switch is assumed is <B + print services. This switch is assumed if <B CLASS="COMMAND" >smbd </B @@ -153,7 +159,10 @@ CLASS="COMMAND" >-P</DT ><DD ><P ->Passive option. Causes smbd not to +>Passive option. Causes <B +CLASS="COMMAND" +>smbd</B +> not to send any network traffic out. Used for debugging by the developers only.</P ></DD @@ -181,7 +190,12 @@ CLASS="COMMAND" >-d <debug level></DT ><DD ><P ->debuglevel is an integer +><TT +CLASS="REPLACEABLE" +><I +>debuglevel</I +></TT +> is an integer from 0 to 10. The default value if this parameter is not specified is zero.</P ><P @@ -217,8 +231,11 @@ CLASS="FILENAME" >-l <log file></DT ><DD ><P ->If specified, <EM ->log file</EM +>If specified, <TT +CLASS="REPLACEABLE" +><I +>log file</I +></TT > specifies a log filename into which informational and debug messages from the running server will be logged. The log @@ -261,7 +278,12 @@ CLASS="FILENAME" >-p <port number></DT ><DD ><P ->port number is a positive integer +><TT +CLASS="REPLACEABLE" +><I +>port number</I +></TT +> is a positive integer value. The default value if this parameter is not specified is 139.</P ><P @@ -309,7 +331,7 @@ CLASS="FILENAME" ><DIV CLASS="REFSECT1" ><A -NAME="AEN104" +NAME="AEN109" ></A ><H2 >FILES</H2 @@ -407,7 +429,7 @@ CLASS="FILENAME" ><DIV CLASS="REFSECT1" ><A -NAME="AEN137" +NAME="AEN142" ></A ><H2 >LIMITATIONS</H2 @@ -426,7 +448,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN141" +NAME="AEN146" ></A ><H2 >ENVIRONMENTVARIABLES</H2 @@ -436,12 +458,18 @@ NAME="AEN141" CLASS="VARIABLELIST" ><DL ><DT ->PRINTER</DT +><TT +CLASS="ENVAR" +>PRINTER</TT +></DT ><DD ><P >If no printer name is specified to printable services, most systems will use the value of - this variable (or lp if this variable is + this variable (or <TT +CLASS="CONSTANT" +>lp</TT +> if this variable is not defined) as the name of the printer to use. This is not specific to the server, however.</P ></DD @@ -451,7 +479,7 @@ CLASS="VARIABLELIST" ><DIV CLASS="REFSECT1" ><A -NAME="AEN148" +NAME="AEN155" ></A ><H2 >INSTALLATION</H2 @@ -469,10 +497,16 @@ CLASS="FILENAME" program itself should be executable by all, as users may wish to run the server themselves (in which case it will of course run with their privileges). The server should NOT be setuid. On some - systems it may be worthwhile to make smbd setgid to an empty group. + systems it may be worthwhile to make <B +CLASS="COMMAND" +>smbd</B +> setgid to an empty group. This is because some systems may have a security hole where daemon processes that become a user can be attached to with a debugger. - Making the smbd file setgid to an empty group may prevent + Making the <B +CLASS="COMMAND" +>smbd</B +> file setgid to an empty group may prevent this hole from being exploited. This security hole and the suggested fix has only been confirmed on old versions (pre-kernel 2.0) of Linux at the time this was written. It is possible that this hole only @@ -567,7 +601,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN179" +NAME="AEN188" ></A ><H2 >RUNNING THE SERVER AS A DAEMON</H2 @@ -622,7 +656,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN192" +NAME="AEN201" ></A ><H2 >RUNNING THE SERVER ON REQUEST</H2 @@ -631,7 +665,10 @@ NAME="AEN192" CLASS="COMMAND" >inetd </B ->, you can arrange to have the smbd server started +>, you can arrange to have the <B +CLASS="COMMAND" +>smbd</B +> server started whenever a process attempts to connect to it. This requires several changes to the startup files on the host machine. If you are experimenting as an ordinary user rather than as root, you will @@ -755,7 +792,52 @@ CLASS="COMPUTEROUTPUT" ><DIV CLASS="REFSECT1" ><A -NAME="AEN223" +NAME="AEN233" +></A +><H2 +>PAM INTERACTION</H2 +><P +>Samba uses PAM for authentication (when presented with a plaintext + password), for account checking (is this account disabled?) and for + session management. The degree too which samba supports PAM is restricted + by the limitations of the SMB protocol and the + <A +HREF="smb.conf.5.html#OBEYPAMRESRICTIONS" +TARGET="_top" +>obey pam restricions</A +> + smb.conf paramater. When this is set, the following restrictions apply: + </P +><P +></P +><UL +><LI +><P +><EM +>Account Validation</EM +>: All acccesses to a + samba server are checked + against PAM to see if the account is vaild, not disabled and is permitted to + login at this time. This also applies to encrypted logins. + </P +></LI +><LI +><P +><EM +>Session Management</EM +>: When not using share + level secuirty, users must pass PAM's session checks before access + is granted. Note however, that this is bypassed in share level secuirty. + Note also that some older pam configuration files may need a line + added for session support. + </P +></LI +></UL +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN244" ></A ><H2 >TESTING THE INSTALLATION</H2 @@ -769,8 +851,18 @@ CLASS="COMMAND" > will reread their configuration tables if they receive a HUP signal.</P ><P ->If your machine's name is fred and your - name is mary, you should now be able to connect +>If your machine's name is <TT +CLASS="REPLACEABLE" +><I +>fred</I +></TT +> and your + name is <TT +CLASS="REPLACEABLE" +><I +>mary</I +></TT +>, you should now be able to connect to the service <TT CLASS="FILENAME" >\\fred\mary</TT @@ -803,7 +895,7 @@ CLASS="FILENAME" ><DIV CLASS="REFSECT1" ><A -NAME="AEN235" +NAME="AEN258" ></A ><H2 >VERSION</H2 @@ -814,7 +906,7 @@ NAME="AEN235" ><DIV CLASS="REFSECT1" ><A -NAME="AEN238" +NAME="AEN261" ></A ><H2 >DIAGNOSTICS</H2 @@ -837,19 +929,25 @@ NAME="AEN238" ><DIV CLASS="REFSECT1" ><A -NAME="AEN243" +NAME="AEN266" ></A ><H2 >SIGNALS</H2 ><P ->Sending the smbd a SIGHUP will cause it to - re-load its <TT +>Sending the <B +CLASS="COMMAND" +>smbd</B +> a SIGHUP will cause it to + reload its <TT CLASS="FILENAME" >smb.conf</TT > configuration file within a short period of time.</P ><P ->To shut down a users smbd process it is recommended +>To shut down a user's <B +CLASS="COMMAND" +>smbd</B +> process it is recommended that <B CLASS="COMMAND" >SIGKILL (-9)</B @@ -858,24 +956,37 @@ CLASS="COMMAND" > be used, except as a last resort, as this may leave the shared memory area in an inconsistent state. The safe way to terminate - an smbd is to send it a SIGTERM (-15) signal and wait for + an <B +CLASS="COMMAND" +>smbd</B +> is to send it a SIGTERM (-15) signal and wait for it to die on its own.</P ><P ->The debug log level of smbd may be raised by sending - it a SIGUSR1 (<B +>The debug log level of <B CLASS="COMMAND" ->kill -USR1 <smbd-pid></B ->) - and lowered by sending it a SIGUSR2 (<B +>smbd</B +> may be raised + or lowered using <A +HREF="smbcontrol.1.html" +TARGET="_top" +><B CLASS="COMMAND" ->kill -USR2 <smbd-pid> +>smbcontrol(1) </B ->). This is to allow transient problems to be diagnosed, +></A +> program (SIGUSR[1|2] signals are no longer used in + Samba 2.2). This is to allow transient problems to be diagnosed, whilst still running at a normally low log level.</P ><P >Note that as the signal handlers send a debug write, - they are not re-entrant in smbd. This you should wait until - smbd is in a state of waiting for an incoming smb before + they are not re-entrant in <B +CLASS="COMMAND" +>smbd</B +>. This you should wait until + <B +CLASS="COMMAND" +>smbd</B +> is in a state of waiting for an incoming SMB before issuing them. It is possible to make the signal handlers safe by un-blocking the signals before the select call and re-blocking them after, however this would affect performance.</P @@ -883,7 +994,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN254" +NAME="AEN283" ></A ><H2 >SEE ALSO</H2 @@ -949,7 +1060,7 @@ TARGET="_top" ><DIV CLASS="REFSECT1" ><A -NAME="AEN271" +NAME="AEN300" ></A ><H2 >AUTHOR</H2 |