| blob | 9efc11e3c6dc53d5e040ce0964fa9db776b1194f |
1 <samba:parameter xmlns:samba="http://samba.org/common">
2 <term><anchor id="ROOTDIRECTORY"/>root directory (G)</term>
3 <listitem><para>The server will <command moreinfo="none">chroot()</command> (i.e.
4 Change its root directory) to this directory on startup. This is
5 not strictly necessary for secure operation. Even without it the
6 server will deny access to files not in one of the service entries.
7 It may also check for, and deny access to, soft links to other
8 parts of the filesystem, or attempts to use ".." in file names
9 to access other directories (depending on the setting of the <link linkend="WIDELINKS"><parameter moreinfo="none">wide links</parameter></link>
10 parameter).</para>
12 <para>Adding a <parameter moreinfo="none">root directory</parameter> entry other
13 than "/" adds an extra level of security, but at a price. It
14 absolutely ensures that no access is given to files not in the
15 sub-tree specified in the <parameter moreinfo="none">root directory</parameter>
16 option, <emphasis>including</emphasis> some files needed for
17 complete operation of the server. To maintain full operability
18 of the server you will need to mirror some system files
19 into the <parameter moreinfo="none">root directory</parameter> tree. In particular
20 you will need to mirror <filename moreinfo="none">/etc/passwd</filename> (or a
21 subset of it), and any binaries or configuration files needed for
22 printing (if required). The set of files that must be mirrored is
23 operating system dependent.</para>
25 <para>Default: <command moreinfo="none">root directory = /</command></para>
26 <para>Example: <command moreinfo="none">root directory = /homes/smb</command></para>
27 </listitem>
28 </samba:parameter>