[Samba] Domain controller in a chroot
Rowland Penny
rowlandpenny at googlemail.com
Tue Mar 17 03:43:47 MDT 2015
On 17/03/15 09:03, Sébastien Le Ray wrote:
> Hi,
>
> The goal of the chroot is to split the two roles, not to provide any
> additional security
>
> Regards
>
>
> Le 17/03/2015 10:01, Sven Schwedas a écrit :
>> On 2015-03-17 09:27, Sébastien Le Ray wrote:
>>> Hi list,
>>>
>>> Since it is considered “harmful” to run a domain controller that acts a
>>> fileserver I was considering the option of putting the AD DC into a
>>> chroot. Is there any special configuration to perform (except bind
>>> interfaces) to avoid conflicts ? (is there any broadcasting issues
>>> or so?)
>> chroot is not a security feature and trivial to break out of, as the AD
>> DC dæmon runs as root.
>>
>>> Regards
>>> --
>>> Sébastien Le Ray
>>
>>
>
Hi, you could do what a lot of people do, run the DC in a VM.
Rowland
More information about the samba
mailing list