[Samba] Domain controller in a chroot

Sven Schwedas sven.schwedas at tao.at
Tue Mar 17 03:01:39 MDT 2015


On 2015-03-17 09:27, Sébastien Le Ray wrote:
> Hi list,
> 
> Since it is considered “harmful” to run a domain controller that acts a
> fileserver I was considering the option of putting the AD DC into a
> chroot. Is there any special configuration to perform (except bind
> interfaces) to avoid conflicts ? (is there any broadcasting issues or so?)

chroot is not a security feature and trivial to break out of, as the AD
DC dæmon runs as root.

> Regards
> -- 
> Sébastien Le Ray

-- 
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas
Systemadministrator
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: sven.schwedas at tao.at | +43 (0)680 301 7167
http://software.tao.at

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 648 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20150317/1144d49a/attachment.pgp>


More information about the samba mailing list