I am a new Linux and Unix user. How do I change the root directory of a command? How do I change the root directory of a process such as web-server using a chroot command to isolate file system? How do I use a chroot to recover password or fix the damaged Linux/Unix based environment?
Each process/command on Linux and Unix-like system has current working directory called root directory of a process/command. You can change the root directory of a command using chroot command, which ends up changing the root directory for both current running process and its children.
A process/command that is run in such a modified environment cannot access files outside the root directory. This modified environment is commonly known as "jailed directory" or "chroot jail". Only a privileged process and root user can use chroot command. This is useful to:
The chroot command changes its current and root directories to the provided directory and then run command, if supplied, or an interactive copy of the user's login shell. Please note that not every application can be chrooted.
The basic syntax is as follows:
Chroot command examples
In this example, build a mini-jail for testing purpose with bash and ls command only. First, set jail location using mkdir command:
Create directories inside $J:
Copy /bin/bash and /bin/ls into $J/bin/ location using cp command:
Copy required libs in $J. Use ldd command to print shared library dependencies for bash:
Copy libs in $J correctly from the above output:
Copy required libs in $J for ls command. Use ldd command to print shared library dependencies for ls command:
You can copy libs one-by-one or try bash shell for loop as follows:
Try browsing /etc or /var:
A chrooted bash and ls application is locked into a particular directory called $HOME/$J and unable to wander around the rest of the directory tree, and sees that directory as its "/" (root) directory. This is a tremendous boost to security if configured properly. I usually lock down the following applications using the same techniques:
How do I exit from chrooted jail? Using command exit.
Finally, chroot into your new jail:
See all other chroot command related examples on nixCraft:
A note about chrooting apps on a Linux or Unix-like systems
Should you use the chroot feature all the time? In the above example, the program is fairly simple but you may end up with several different kinds of problems such as:
* 鳥哥 - Linux 帳號管理與 ACL 權限設定
* chroot(8) Linux/Unix command man page
* Man pages - chroot(2)
* OpenBSD documentation - See Apache chrooting faq for more information.