diff options
Diffstat (limited to 'docs/manpages/smbd.8')
-rw-r--r-- | docs/manpages/smbd.8 | 407 |
1 files changed, 407 insertions, 0 deletions
diff --git a/docs/manpages/smbd.8 b/docs/manpages/smbd.8 new file mode 100644 index 00000000000..bae41b2c479 --- /dev/null +++ b/docs/manpages/smbd.8 @@ -0,0 +1,407 @@ +.TH SMBD 8 17/1/1995 smbd smbd +.SH NAME +smbd \- provide SMB (aka LanManager) services to clients +.SH SYNOPSIS +.B smbd +[ +.B -D +] [ +.B -a +] [ +.B -d +.I debuglevel +] [ +.B -l +.I log file +] [ +.B -p +.I port number +] [ +.B -O +.I socket options +] [ +.B -s +.I configuration file +] +.SH DESCRIPTION +This program is part of the Samba suite. + +.B smbd +is a server that can provide most SMB services. The +server provides filespace and printer services to clients using the SMB +protocol. This is compatible with the LanManager protocol, and can +service LanManager clients. + +An extensive description of the services that the server can provide is given +in the man page for the configuration file controlling the attributes of those +services (see +.B smb.conf(5)). This man page will not describe the services, but +will concentrate on the administrative aspects of running the server. + +Please note that there are significant security implications to running this +server, and +.B smb.conf(5) should be regarded as mandatory reading before proceeding with +installation. + +A session is created whenever a client requests one. Each client gets a copy +of the server for each session. This copy then services all connections made +by the client during that session. When all connections from its client are +are closed, the copy of the server for that client terminates. + +The configuration file is automatically reloaded if it changes. You +can force a reload by sending a SIGHUP to the server. + +.SH OPTIONS +.B -D + +.RS 3 +If specified, this parameter causes the server to operate as a daemon. That is, +it detaches itself and runs in the background, fielding requests on the +appropriate port. + +By default, the server will NOT operate as a daemon. +.RE + +.B -a + +.RS 3 +If this parameter is specified, the log files will be overwritten with each +new connection. By default, the log files will be appended to. +.RE + +.B -d +.I debuglevel +.RS 3 + +debuglevel is an integer from 0 to 5. + +The default value if this parameter is not specified is zero. + +The higher this value, the more detail will be logged to the log files about +the activities of the server. At level 0, only critical errors and serious +warnings will be logged. Level 1 is a reasonable level for day to day running +- it generates a small amount of information about operations carried out. + +Levels above 1 will generate considerable amounts of log data, and should +only be used when investigating a problem. Levels above 3 are designed for +use only by developers and generate HUGE amounts of log data, most of which +is extremely cryptic. +.RE + +.B -l +.I log file + +.RS 3 +If specified, +.I logfile +specifies a base filename into which operational data from the running server +will be logged. + +The default base name is specified at compile time. + +The base name is used to generate actual log file names. For example, if the +name specified was "log", the following files would be used for log data: + +.RS 3 +log.debug (containing debugging information) + +log.in (containing inbound transaction data) + +log.out (containing outbound transaction data) +.RE + +The log files generated are never removed by the server. +.RE + +.B -O +.I socket options +.RS 3 + +See the socket options section of smb.conf(5) for details + +.RE +.B -p +.I port number +.RS 3 + +port number is a positive integer value. + +The default value if this parameter is not specified is 139. + +This number is the port number that will be used when making connections to +the server from client software. The standard (well-known) port number for the +server is 139, hence the default. If you wish to run the server as an ordinary +user rather than as root, most systems will require you to use a port number +greater than 1024 - ask your system administrator for help if you are in this +situation. + +This parameter is not normally specified except in the above situation. +.RE + +.B -s +.I configuration file + +.RS 3 +The default configuration file name is determined at compile time. + +The file specified contains the configuration details required by the server. +The information in this file includes server-specific information such as +what printcap file to use, as well as descriptions of all the services that the +server is to provide. See +.B smb.conf(5) for more information. +.RE + +.SH FILES + +.B /etc/inetd.conf + +.RS 3 +If the server is to be run by the inetd meta-daemon, this file must contain +suitable startup information for the meta-daemon. See the section +"INSTALLATION" below. +.RE + +.B /etc/rc + +.RS 3 +(or whatever initialisation script your system uses) + +If running the server as a daemon at startup, this file will need to contain +an appropriate startup sequence for the server. See the section "INSTALLATION" +below. +.RE + +.B /etc/services + +.RS 3 +If running the server via the meta-daemon inetd, this file must contain a +mapping of service name (eg., netbios-ssn) to service port (eg., 139) and +protocol type (eg., tcp). See the section "INSTALLATION" below. +.RE + +.B /usr/local/smb/smb.conf + +.RS 3 +This file describes all the services the server is to make available to +clients. See +.B smb.conf(5) for more information. +.RE +.RE + +.SH LIMITATIONS + +On some systems smbd cannot change uid back to root after a setuid() call. +Such systems are called "trapdoor" uid systems. If you have such a system, +you will be unable to connect from a client (such as a PC) as two different +users at once. Attempts to connect the second user will result in "access +denied" or similar. + +.SH ENVIRONMENT VARIABLES + +.B PRINTER + +.RS 3 +If no printer name is specified to printable services, most systems will +use the value of this variable (or "lp" if this variable is not defined) +as the name of the printer to use. This is not specific to the server, +however. +.RE + +.SH INSTALLATION +The location of the server and its support files is a matter for individual +system administrators. The following are thus suggestions only. + +It is recommended that the server software be installed under the +/usr/local hierarchy, in a directory readable by all, writeable only +by root. The server program itself should be executable by all, as +users may wish to run the server themselves (in which case it will of +course run with their privileges). The server should NOT be +setuid. On some systems it may be worthwhile to make smbd setgid to an +empty group. This is because some systems may have a security hole where +daemon processes that become a user can be attached to with a +debugger. Making the smbd file setgid to an empty group may prevent +this hole from being exploited. This secrity hole and the suggested +fix has only been confirmed on Linux at the time this was written. It +is possible that this hole only exists in Linux, as testing on other +systems has thus far shown them to be immune. + +The server log files should be put in a directory readable and writable only +by root, as the log files may contain sensitive information. + +The configuration file should be placed in a directory readable and writable +only by root, as the configuration file controls security for the services +offered by the server. The configuration file can be made readable by all if +desired, but this is not necessary for correct operation of the server and +is not recommended. A sample configuration file "smb.conf.sample" is supplied +with the source to the server - this may be renamed to "smb.conf" and +modified to suit your needs. + +The remaining notes will assume the following: + +.RS 3 +smbd (the server program) installed in /usr/local/smb + +smb.conf (the configuration file) installed in /usr/local/smb + +log files stored in /var/adm/smblogs +.RE + +The server may be run either as a daemon by users or at startup, or it may +be run from a meta-daemon such as inetd upon request. If run as a daemon, the +server will always be ready, so starting sessions will be faster. If run from +a meta-daemon some memory will be saved and utilities such as the tcpd +TCP-wrapper may be used for extra security. + +When you've decided, continue with either "RUNNING THE SERVER AS A DAEMON" or +"RUNNING THE SERVER ON REQUEST". +.SH RUNNING THE SERVER AS A DAEMON +To run the server as a daemon from the command line, simply put the "-D" option +on the command line. There is no need to place an ampersand at the end of the +command line - the "-D" option causes the server to detach itself from the +tty anyway. + +Any user can run the server as a daemon (execute permissions permitting, of +course). This is useful for testing purposes, and may even be useful as a +temporary substitute for something like ftp. When run this way, however, the +server will only have the privileges of the user who ran it. + +To ensure that the server is run as a daemon whenever the machine is started, +and to ensure that it runs as root so that it can serve multiple clients, you +will need to modify the system startup files. Wherever appropriate (for +example, in /etc/rc), insert the following line, substituting +port number, log file location, configuration file location and debug level as +desired: + +.RS 3 +/usr/local/smb/smbd -D -l /var/adm/smblogs/log -s /usr/local/smb/smb.conf +.RE + +(The above should appear in your initialisation script as a single line. +Depending on your terminal characteristics, it may not appear that way in +this man page. If the above appears as more than one line, please treat any +newlines or indentation as a single space or TAB character.) + +If the options used at compile time are appropriate for your system, all +parameters except the desired debug level and "-D" may be omitted. See the +section "OPTIONS" above. +.SH RUNNING THE SERVER ON REQUEST +If your system uses a meta-daemon such as inetd, you can arrange to have the +smbd server started whenever a process attempts to connect to it. This requires +several changes to the startup files on the host machine. If you are +experimenting as an ordinary user rather than as root, you will need the +assistance of your system administrator to modify the system files. + +You will probably want to set up the name server +.B nmbd +at the same time as +the smbd - refer to the man page +.B nmbd(8). + +First, ensure that a port is configured in the file /etc/services. The +well-known port 139 should be used if possible, though any port may be used. + +Ensure that a line similar to the following is in /etc/services: + +.RS 3 +netbios-ssn 139/tcp +.RE + +Note for NIS/YP users - you may need to rebuild the NIS service maps rather +than alter your local /etc/services file. + +Next, put a suitable line in the file /etc/inetd.conf (in the unlikely event +that you are using a meta-daemon other than inetd, you are on your own). Note +that the first item in this line matches the service name in /etc/services. +Substitute appropriate values for your system in this line (see +.B inetd(8)): + +.RS 3 +netbios-ssn stream tcp nowait root /usr/local/smb/smbd -d1 +-l/var/adm/smblogs/log -s/usr/local/smb/smb.conf +.RE + +(The above should appear in /etc/inetd.conf as a single line. Depending on +your terminal characteristics, it may not appear that way in this man page. +If the above appears as more than one line, please treat any newlines or +indentation as a single space or TAB character.) + +Note that there is no need to specify a port number here, even if you are +using a non-standard port number. + +Lastly, edit the configuration file to provide suitable services. To start +with, the following two services should be all you need: + +.RS 3 +[homes] +.RS 3 + writable = yes +.RE + +[printers] +.RS 3 + writable = no + printable = yes + path = /tmp + public = yes +.RE +.RE + +This will allow you to connect to your home directory and print to any printer +supported by the host (user privileges permitting). +.SH TESTING THE INSTALLATION +If running the server as a daemon, execute it before proceeding. If +using a meta-daemon, either restart the system or kill and restart the +meta-daemon. Some versions of inetd will reread their configuration tables if +they receive a HUP signal. + +If your machine's name is "fred" and your name is "mary", you should now be +able to connect to the service "\\\\fred\\mary". + +To properly test and experiment with the server, we recommend using the +smbclient program (see +.B smbclient(1)). +.SH VERSION +This man page is (mostly) correct for version 1.9.00 of the Samba suite, plus some +of the recent patches to it. These notes will necessarily lag behind +development of the software, so it is possible that your version of +the server has extensions or parameter semantics that differ from or are not +covered by this man page. Please notify these to the address below for +rectification. +.SH SEE ALSO +.B hosts_access(5), +.B inetd(8), +.B nmbd(8), +.B smb.conf(5), +.B smbclient(1), +.B testparm(1), +.B testprns(1) + +.SH DIAGNOSTICS +[This section under construction] + +Most diagnostics issued by the server are logged in a specified log file. The +log file name is specified at compile time, but may be overridden on the +command line. + +The number and nature of diagnostics available depends on the debug level used +by the server. If you have problems, set the debug level to 3 and peruse the +log files. + +Most messages are reasonably self-explanatory. Unfortunately, at time of +creation of this man page the source code is still too fluid to warrant +describing each and every diagnostic. At this stage your best bet is still +to grep the source code and inspect the conditions that gave rise to the +diagnostics you are seeing. + +.SH BUGS +None known. +.SH CREDITS +The original Samba software and related utilities were created by +Andrew Tridgell (samba-bugs@anu.edu.au). Andrew is also the Keeper +of the Source for this project. + +This man page written by Karl Auer (Karl.Auer@anu.edu.au) + +See +.B smb.conf(5) for a full list of contributors and details on how to +submit bug reports, comments etc. |