Hi, The goal of the chroot is to split the two roles, not to provide any additional security Regards Le 17/03/2015 10:01, Sven Schwedas a ?crit :> On 2015-03-17 09:27, S?bastien Le Ray wrote: >> Hi list, >> >> Since it is considered ?harmful? to run a domain controller that acts a >> fileserver I was considering the option of putting the AD DC into a >> chroot. Is there any special configuration to perform (except bind >> interfaces) to avoid conflicts ? (is there any broadcasting issues or so?) > chroot is not a security feature and trivial to break out of, as the AD > DC d?mon runs as root. > >> Regards >> -- >> S?bastien Le Ray > >
On 17/03/15 09:03, S?bastien Le Ray wrote:> Hi, > > The goal of the chroot is to split the two roles, not to provide any > additional security > > Regards > > > Le 17/03/2015 10:01, Sven Schwedas a ?crit : >> On 2015-03-17 09:27, S?bastien Le Ray wrote: >>> Hi list, >>> >>> Since it is considered ?harmful? to run a domain controller that acts a >>> fileserver I was considering the option of putting the AD DC into a >>> chroot. Is there any special configuration to perform (except bind >>> interfaces) to avoid conflicts ? (is there any broadcasting issues >>> or so?) >> chroot is not a security feature and trivial to break out of, as the AD >> DC d?mon runs as root. >> >>> Regards >>> -- >>> S?bastien Le Ray >> >> >Hi, you could do what a lot of people do, run the DC in a VM. Rowland
Le 17/03/2015 10:43, Rowland Penny a ?crit :> Hi, you could do what a lot of people do, run the DC in a VM. > > Rowland >Not really an option : :-) total used free shared buffers cached Mem: 496 470 25 0 58 82 That's why I'm targetting the chroot