[Date Prev][Date Next] [Chronological] [Thread] [Top]

slapd -r (chroot) documentation (Was: breaking up slap_init_user() for better chroot functionality)

Kurt D. Zeilenga writes:
>At 02:13 PM 10/12/2004, Pierangelo Masarati wrote:
>>I note that usually setuid() is seen as an alternative to chroot(),
> Err, when using chroot(2) as a security mechanism, it is important
> to call setuid(2) after calling chroot(2).  This because a process
> running as root can easily break out of chroot(2) environment.

I did not know that.  It's not mentioned in my system manpages, either.
Please add that warning where this option is described in the slapd
manpage and the admin guide.