The server will chroot() (i.e.
Change its root directory) to this directory on startup. This is
not strictly necessary for secure operation. Even without it the
server will deny access to files not in one of the service entries.
It may also check for, and deny access to, soft links to other
parts of the filesystem, or attempts to use ".." in file names
to access other directories (depending on the setting of the parameter).
Adding a root directory entry other
than "/" adds an extra level of security, but at a price. It
absolutely ensures that no access is given to files not in the
sub-tree specified in the root directory
option, including some files needed for
complete operation of the server. To maintain full operability
of the server you will need to mirror some system files
into the root directory tree. In particular
you will need to mirror /etc/passwd (or a
subset of it), and any binaries or configuration files needed for
printing (if required). The set of files that must be mirrored is
operating system dependent.
|Registry Path||Software\Policies\Samba\smb_conf\root directory|
|Value Name||root directory|