1 <samba:parameter name="root directory"
3 advanced="1" developer="1"
4 xmlns:samba="http://samba.org/common">
6 <para>The server will <command moreinfo="none">chroot()</command> (i.e.
7 Change its root directory) to this directory on startup. This is
8 not strictly necessary for secure operation. Even without it the
9 server will deny access to files not in one of the service entries.
10 It may also check for, and deny access to, soft links to other
11 parts of the filesystem, or attempts to use ".." in file names
12 to access other directories (depending on the setting of the <link linkend="WIDELINKS">
13 <parameter moreinfo="none">wide links</parameter></link>
17 <para>Adding a <parameter moreinfo="none">root directory</parameter> entry other
18 than "/" adds an extra level of security, but at a price. It
19 absolutely ensures that no access is given to files not in the
20 sub-tree specified in the <parameter moreinfo="none">root directory</parameter>
21 option, <emphasis>including</emphasis> some files needed for
22 complete operation of the server. To maintain full operability
23 of the server you will need to mirror some system files
24 into the <parameter moreinfo="none">root directory</parameter> tree. In particular
25 you will need to mirror <filename moreinfo="none">/etc/passwd</filename> (or a
26 subset of it), and any binaries or configuration files needed for
27 printing (if required). The set of files that must be mirrored is
28 operating system dependent.</para>
30 <para>Default: <command moreinfo="none">root directory = /</command></para>
32 <para>Example: <command moreinfo="none">root directory = /homes/smb</command></para>