
slapd -r (chroot) documentation (Was: breaking up slap_init_user() for better chroot functionality)



Kurt D. Zeilenga writes:
>At 02:13 PM 10/12/2004, Pierangelo Masarati wrote:
>>I note that usually setuid() is seen as an alternative to chroot(),
> 
> Err, when using chroot(2) as a security mechanism, it is important
> to call setuid(2) after calling chroot(2).  This is because a process
> running as root can easily break out of a chroot(2) environment.

I did not know that.  It's not mentioned in my system manpages, either.
Please add that warning where this option is described in the slapd
manpage and the admin guide.

-- 
Hallvard