Configuring Swat Revisited

Andrew Bartlett abartlet at pcug.org.au
Tue Mar 6 06:14:23 GMT 2001


Edmond Cheng wrote:
> 
> Still I can't get SWAT working.
> 
> I change the httpd.conf in your mail.  This time the Netscape returns error
> message, "A network error occurred while Netscape was receiving data.
> (Network error: Broken pipe) Try connecting again"
> 
> Regards,
> Edmond

Probably becouse SWAT does NOT use apache.  SWAT cannot run under
apache.  Why?  A properly configured apache installation runs as user
nobody (or equiv), SWAT must run as ROOT, as it needs to read/write
/etc/smb.conf, /etc/smbpasswd and to validate your identity in
/etc/shadow.  

SWAT uses its own internal web-server, basicly pumping raw HTTP at a
port (not that hard actualy).  It does this becouse it needs to run as
root, and no sane sysadmin runs web-servers as root.  (The other option,
making it set-uid root, is unappealing becouse of the security
implications).

SWAT can be enabled in /etc/inetd.conf or /etc/xinetd.d/swat, and can
use SSL for added privacy.  See other e-mails in this thread for
configuration examples.  I recomend only allowing acces from localhost.

Hope this clarifies things,
Andrew Bartlett

-- 
Andrew Bartlett
abartlet at pcug.org.au




More information about the samba mailing list