swat -- Samba Web Administration Tool


swat [-s <smb config file>] [-a]


This tool is part of the Samba suite.

swat allows a Samba administrator to configure the complex smb.conf(5) file via a Web browser. In addition, a swat configuration page has help links to all the configurable options in the smb.conf file allowing an administrator to easily look up the effects of any change.

swat is run from inetd


-s smb configuration file

The default configuration file path is determined at compile time. The file specified contains the configuration details required by the smbd server. This is the file that swat will modify. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide. See smb.conf for more information.


This option disables authentication and puts swat in demo mode. In that mode anyone will be able to modify the smb.conf file.

Do NOT enable this option on a production server.


After you compile SWAT you need to run make install to install the swat binary and the various help files and images. A default install would put these in:

Inetd Installation

You need to edit your /etc/inetd.conf and /etc/services to enable SWAT to be launched via inetd.

In /etc/services you need to add a line like this:

swat 901/tcp

Note for NIS/YP users - you may need to rebuild the NIS service maps rather than alter your local /etc/services file.

the choice of port number isn't really important except that it should be less than 1024 and not currently used (using a number above 1024 presents an obscure security hole depending on the implementation details of your inetd daemon).

In /etc/inetd.conf you should add a line like this:

swat stream tcp nowait.400 root /usr/local/samba/bin/swat swat

One you have edited /etc/services and /etc/inetd.conf you need to send a HUP signal to inetd. To do this use kill -1 PID where PID is the process ID of the inetd daemon.


To launch SWAT just run your favorite web browser and point it at "http://localhost:901/".

Note that you can attach to SWAT from any IP connected machine but connecting from a remote machine leaves your connection open to password sniffing as passwords will be sent in the clear over the wire.



This file must contain suitable startup information for the meta-daemon.


This file must contain a mapping of service name (e.g., swat) to service port (e.g., 901) and protocol type (e.g., tcp).


This is the default location of the smb.conf(5) server configuration file that swat edits. Other common places that systems install this file are /usr/samba/lib/smb.conf and /etc/smb.conf . This file describes all the services the server is to make available to clients.


swat will rewrite your smb.conf file. It will rearrange the entries and delete all comments, include= and copy=" options. If you have a carefully crafted smb.conf then back it up or don't use swat!


This man page is correct for version 2.2 of the Samba suite.


inetd(5), smbd(8), smb.conf(5)


The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for Samba 2.2 was done by Gerald Carter