diff options
Diffstat (limited to 'upstream/opensuse-leap-15-6/man8/smbd.8')
| -rw-r--r-- | upstream/opensuse-leap-15-6/man8/smbd.8 | 422 |
1 files changed, 422 insertions, 0 deletions
diff --git a/upstream/opensuse-leap-15-6/man8/smbd.8 b/upstream/opensuse-leap-15-6/man8/smbd.8 new file mode 100644 index 00000000..651afd45 --- /dev/null +++ b/upstream/opensuse-leap-15-6/man8/smbd.8 @@ -0,0 +1,422 @@ +'\" t +.\" Title: smbd +.\" Author: [see the "AUTHOR" section] +.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/> +.\" Date: 10/23/2023 +.\" Manual: System Administration tools +.\" Source: Samba 4.19.2-git.328.e4c431e307f150600.1.23SUSE-oS15.0-x86_64 +.\" Language: English +.\" +.TH "SMBD" "8" "10/23/2023" "Samba 4\&.19\&.2\-git\&.328\&." "System Administration tools" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +smbd \- server to provide SMB/CIFS services to clients +.SH "SYNOPSIS" +.HP \w'\ 'u +smbd [\-D|\-\-daemon] [\-i|\-\-interactive] [\-F|\-\-foreground] [\-\-no\-process\-group] [\-b|\-\-build\-options] [\-p\ <port\ number(s)>] [\-P\ <profiling\ level>] [\-d\ <debug\ level>] [\-\-debug\-stdout] [\-\-configfile=<configuration\ file>] [\-\-option=<name>=<value>] [\-l|\-\-log\-basename\ <log\ directory>] [\-\-leak\-report] [\-\-leak\-report\-full] [\-V|\-\-version] +.SH "DESCRIPTION" +.PP +This program is part of the +\fBsamba\fR(7) +suite\&. +.PP +smbd +is the server daemon that provides filesharing and printing services to Windows clients\&. The server provides filespace and printer services to clients using the SMB (or CIFS) protocol\&. This is compatible with the LanManager protocol, and can service LanManager clients\&. These include MSCLIENT 3\&.0 for DOS, Windows for Workgroups, Windows 95/98/ME, Windows NT, Windows 2000, OS/2, DAVE for Macintosh, and smbfs for Linux\&. +.PP +An extensive description of the services that the server can provide is given in the man page for the configuration file controlling the attributes of those services (see +\fBsmb.conf\fR(5)\&. This man page will not describe the services, but will concentrate on the administrative aspects of running the server\&. +.PP +Please note that there are significant security implications to running this server, and the +\fBsmb.conf\fR(5) +manual page should be regarded as mandatory reading before proceeding with installation\&. +.PP +A session is created whenever a client requests one\&. Each client gets a copy of the server for each session\&. This copy then services all connections made by the client during that session\&. When all connections from its client are closed, the copy of the server for that client terminates\&. +.PP +The configuration file, and any files that it includes, are automatically reloaded every three minutes, if they change\&. One can force a reload by sending a SIGHUP to the server\&. Reloading the configuration file will not affect connections to any service that is already established\&. Either the user will have to disconnect from the service, or +smbd +killed and restarted\&. +.PP +Instead of sending a SIGHUP signal, a request to reload configuration file may be sent using +\fBsmbcontrol\fR(1) +program\&. +.SH "OPTIONS" +.PP +\-D|\-\-daemon +.RS 4 +If specified, this parameter causes the server to operate as a daemon\&. That is, it detaches itself and runs in the background, fielding requests on the appropriate port\&. Operating the server as a daemon is the recommended way of running +smbd +for servers that provide more than casual use file and print services\&. This switch is assumed if +smbd +is executed on the command line of a shell\&. +.RE +.PP +\-i|\-\-interactive +.RS 4 +If this parameter is specified it causes the server to run "interactively", not as a daemon, even if the server is executed on the command line of a shell\&. Setting this parameter negates the implicit daemon mode when run from the command line\&. +smbd +will only accept one connection and terminate\&. It will also log to standard output, as if the +\-S +parameter had been given\&. +.RE +.PP +\-F|\-\-foreground +.RS 4 +If specified, this parameter causes the main +smbd +process to not daemonize, i\&.e\&. double\-fork and disassociate with the terminal\&. Child processes are still created as normal to service each connection request, but the main process does not exit\&. This operation mode is suitable for running +smbd +under process supervisors such as +supervise +and +svscan +from Daniel J\&. Bernstein\*(Aqs +daemontools +package, or the AIX process monitor\&. +.RE +.PP +\-\-no\-process\-group +.RS 4 +Do not create a new process group for smbd\&. +.RE +.PP +\-b|\-\-build\-options +.RS 4 +Prints information about how Samba was built\&. +.RE +.PP +\-p|\-\-port<port number(s)> +.RS 4 +\fIport number(s)\fR +is a space or comma\-separated list of TCP ports smbd should listen on\&. The default value is taken from the +\m[blue]\fBports\fR\m[] +parameter in +/etc/samba/smb\&.conf +.sp +The default ports are 139 (used for SMB over NetBIOS over TCP) and port 445 (used for plain SMB over TCP)\&. +.RE +.PP +\-P|\-\-profiling\-level<profiling level> +.RS 4 +\fIprofiling level\fR +is a number specifying the level of profiling data to be collected\&. 0 turns off profiling, 1 turns on counter profiling only, 2 turns on complete profiling, and 3 resets all profiling data\&. +.RE +.PP +\-d|\-\-debuglevel=DEBUGLEVEL, \-\-debug\-stdout +.RS 4 +\fIlevel\fR +is an integer from 0 to 10\&. The default value if this parameter is not specified is 0\&. +.sp +The higher this value, the more detail will be logged to the log files about the activities of the server\&. At level 0, only critical errors and serious warnings will be logged\&. Level 1 is a reasonable level for day\-to\-day running \- it generates a small amount of information about operations carried out\&. +.sp +Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&. +.sp +Note that specifying this parameter here will override the +\m[blue]\fBlog level\fR\m[] +parameter in the +/etc/samba/smb\&.conf +file\&. +This will redirect debug output to STDOUT\&. By default server daemons are logging to a log file\&. +.RE +.PP +\-\-configfile=CONFIGFILE +.RS 4 +The file specified contains the configuration details required by the server\&. The information in this file includes server\-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See +/etc/samba/smb\&.conf +for more information\&. The default configuration file name is determined at compile time\&. +.RE +.PP +\-\-option=<name>=<value> +.RS 4 +Set the +\fBsmb.conf\fR(5) +option "<name>" to value "<value>" from the command line\&. This overrides compiled\-in defaults and options read from the configuration file\&. If a name or a value includes a space, wrap whole \-\-option=name=value into quotes\&. +.RE +.PP +\-l|\-\-log\-basename=logdirectory +.RS 4 +Base directory name for log/debug files\&. The extension +\fB"\&.progname"\fR +will be appended (e\&.g\&. log\&.smbclient, log\&.smbd, etc\&.\&.\&.)\&. The log file is never removed by the client\&. +.RE +.PP +\-\-leak\-report +.RS 4 +Enable talloc leak reporting on exit\&. +.RE +.PP +\-\-leak\-report\-full +.RS 4 +Enable full talloc leak reporting on exit\&. +.RE +.PP +\-V|\-\-version +.RS 4 +Prints the program version number\&. +.RE +.PP +\-?|\-\-help +.RS 4 +Print a summary of command line options\&. +.RE +.PP +\-\-usage +.RS 4 +Display brief usage message\&. +.RE +.SH "FILES" +.PP +/etc/inetd\&.conf +.RS 4 +If the server is to be run by the +inetd +meta\-daemon, this file must contain suitable startup information for the meta\-daemon\&. +.RE +.PP +/etc/rc +.RS 4 +or whatever initialization script your system uses)\&. +.sp +If running the server as a daemon at startup, this file will need to contain an appropriate startup sequence for the server\&. +.RE +.PP +/etc/services +.RS 4 +If running the server via the meta\-daemon +inetd, this file must contain a mapping of service name (e\&.g\&., netbios\-ssn) to service port (e\&.g\&., 139) and protocol type (e\&.g\&., tcp)\&. +.RE +.PP +/usr/local/samba/lib/smb\&.conf +.RS 4 +This is the default location of the +\fBsmb.conf\fR(5) +server configuration file\&. Other common places that systems install this file are +/usr/samba/lib/smb\&.conf +and +/etc/samba/smb\&.conf\&. +.sp +This file describes all the services the server is to make available to clients\&. See +\fBsmb.conf\fR(5) +for more information\&. +.RE +.SH "LIMITATIONS" +.PP +On some systems +smbd +cannot change uid back to root after a setuid() call\&. Such systems are called trapdoor uid systems\&. If you have such a system, you will be unable to connect from a client (such as a PC) as two different users at once\&. Attempts to connect the second user will result in access denied or similar\&. +.SH "ENVIRONMENT VARIABLES" +.PP +\fBPRINTER\fR +.RS 4 +If no printer name is specified to printable services, most systems will use the value of this variable (or +\fBlp\fR +if this variable is not defined) as the name of the printer to use\&. This is not specific to the server, however\&. +.RE +.SH "PAM INTERACTION" +.PP +Samba uses PAM for authentication (when presented with a plaintext password), for account checking (is this account disabled?) and for session management\&. The degree too which samba supports PAM is restricted by the limitations of the SMB protocol and the +\m[blue]\fBobey pam restrictions\fR\m[] +\fBsmb.conf\fR(5) +parameter\&. When this is set, the following restrictions apply: +.RS +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fIAccount Validation\fR: All accesses to a samba server are checked against PAM to see if the account is valid, not disabled and is permitted to login at this time\&. This also applies to encrypted logins\&. +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +\fISession Management\fR: When not using share level security, users must pass PAM\*(Aqs session checks before access is granted\&. Note however, that this is bypassed in share level security\&. Note also that some older pam configuration files may need a line added for session support\&. +.RE +.SH "VERSION" +.PP +This man page is part of version 4\&.19\&.2\-git\&.328\&.e4c431e307f150600\&.1\&.23SUSE\-oS15\&.0\-x86_64 of the Samba suite\&. +.SH "DIAGNOSTICS" +.PP +Most diagnostics issued by the server are logged in a specified log file\&. The log file name is specified at compile time, but may be overridden on the command line\&. +.PP +The number and nature of diagnostics available depends on the debug level used by the server\&. If you have problems, set the debug level to 3 and peruse the log files\&. +.PP +Most messages are reasonably self\-explanatory\&. Unfortunately, at the time this man page was created, there are too many diagnostics available in the source code to warrant describing each and every diagnostic\&. At this stage your best bet is still to grep the source code and inspect the conditions that gave rise to the diagnostics you are seeing\&. +.SH "TDB FILES" +.PP +Samba stores it\*(Aqs data in several TDB (Trivial Database) files, usually located in +/var/lib/samba\&. +.PP +(*) information persistent across restarts (but not necessarily important to backup)\&. +.PP +account_policy\&.tdb* +.RS 4 +NT account policy settings such as pw expiration, etc\&.\&.\&. +.RE +.PP +brlock\&.tdb +.RS 4 +byte range locks +.RE +.PP +browse\&.dat +.RS 4 +browse lists +.RE +.PP +gencache\&.tdb +.RS 4 +generic caching db +.RE +.PP +group_mapping\&.tdb* +.RS 4 +group mapping information +.RE +.PP +locking\&.tdb +.RS 4 +share modes & oplocks +.RE +.PP +login_cache\&.tdb* +.RS 4 +bad pw attempts +.RE +.PP +messages\&.tdb +.RS 4 +Samba messaging system +.RE +.PP +netsamlogon_cache\&.tdb* +.RS 4 +cache of user net_info_3 struct from net_samlogon() request (as a domain member) +.RE +.PP +ntdrivers\&.tdb* +.RS 4 +installed printer drivers +.RE +.PP +ntforms\&.tdb* +.RS 4 +installed printer forms +.RE +.PP +ntprinters\&.tdb* +.RS 4 +installed printer information +.RE +.PP +printing/ +.RS 4 +directory containing tdb per print queue of cached lpq output +.RE +.PP +registry\&.tdb +.RS 4 +Windows registry skeleton (connect via regedit\&.exe) +.RE +.PP +smbXsrv_session_global\&.tdb +.RS 4 +session information (e\&.g\&. support for \*(Aqutmp = yes\*(Aq) +.RE +.PP +smbXsrv_tcon_global\&.tdb +.RS 4 +share connections (used to enforce max connections, etc\&.\&.\&.) +.RE +.PP +smbXsrv_open_global\&.tdb +.RS 4 +open file handles (used durable handles, etc\&.\&.\&.) +.RE +.PP +share_info\&.tdb* +.RS 4 +share acls +.RE +.PP +winbindd_cache\&.tdb +.RS 4 +winbindd\*(Aqs cache of user lists, etc\&.\&.\&. +.RE +.PP +winbindd_idmap\&.tdb* +.RS 4 +winbindd\*(Aqs local idmap db +.RE +.PP +wins\&.dat* +.RS 4 +wins database when \*(Aqwins support = yes\*(Aq +.RE +.SH "SIGNALS" +.PP +Sending the +smbd +a SIGHUP will cause it to reload its +smb\&.conf +configuration file within a short period of time\&. +.PP +To shut down a user\*(Aqs +smbd +process it is recommended that +SIGKILL (\-9) +\fINOT\fR +be used, except as a last resort, as this may leave the shared memory area in an inconsistent state\&. The safe way to terminate an +smbd +is to send it a SIGTERM (\-15) signal and wait for it to die on its own\&. +.PP +The debug log level of +smbd +may be raised or lowered using +\fBsmbcontrol\fR(1) +program (SIGUSR[1|2] signals are no longer used since Samba 2\&.2)\&. This is to allow transient problems to be diagnosed, whilst still running at a normally low log level\&. +.PP +Note that as the signal handlers send a debug write, they are not re\-entrant in +smbd\&. This you should wait until +smbd +is in a state of waiting for an incoming SMB before issuing them\&. It is possible to make the signal handlers safe by un\-blocking the signals before the select call and re\-blocking them after, however this would affect performance\&. +.SH "SEE ALSO" +.PP +\fBhosts_access\fR(5), +\fBinetd\fR(8), +\fBnmbd\fR(8), +\fBsmb.conf\fR(5), +\fBsmbclient\fR(1), +\fBtestparm\fR(1), and the Internet RFC\*(Aqs +rfc1001\&.txt, +rfc1002\&.txt\&. In addition the CIFS (formerly SMB) specification is available as a link from the Web page +https://www\&.samba\&.org/cifs/\&. +.SH "AUTHOR" +.PP +The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&. |