1
<samba:parameter name="root directory"
4
advanced="1" developer="1"
5
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
6
<synonym>root</synonym>
7
<synonym>root dir</synonym>
9
<para>The server will <command moreinfo="none">chroot()</command> (i.e.
10
Change its root directory) to this directory on startup. This is
11
not strictly necessary for secure operation. Even without it the
12
server will deny access to files not in one of the service entries.
13
It may also check for, and deny access to, soft links to other
14
parts of the filesystem, or attempts to use ".." in file names
15
to access other directories (depending on the setting of the
16
<smbconfoption name="wide smbconfoptions"/> parameter).
19
<para>Adding a <parameter moreinfo="none">root directory</parameter> entry other
20
than "/" adds an extra level of security, but at a price. It
21
absolutely ensures that no access is given to files not in the
22
sub-tree specified in the <parameter moreinfo="none">root directory</parameter>
23
option, <emphasis>including</emphasis> some files needed for
24
complete operation of the server. To maintain full operability
25
of the server you will need to mirror some system files
26
into the <parameter moreinfo="none">root directory</parameter> tree. In particular
27
you will need to mirror <filename moreinfo="none">/etc/passwd</filename> (or a
28
subset of it), and any binaries or configuration files needed for
29
printing (if required). The set of files that must be mirrored is
30
operating system dependent.</para>
33
<value type="default">/</value>
34
<value type="example">/homes/smb</value>