Linux Chroot Command Tutorial with Examples


Linux provides several mechanisms for practical and security reasons, and chroot is one of them. By default, a process in Linux can access the file system starting from the / root directory. The Linux kernel also provides the chroot mechanism, which restricts a process's access to the whole filesystem by giving it a different root directory.

Syntax

The chroot command has the following syntax. The parts in square brackets are optional.

chroot [OPTION] NEWROOT [COMMAND [ARG]...]
  • OPTION is a chroot option
  • NEWROOT is the new root directory
  • COMMAND is the command we want to run in the chrooted directory

Chroot Jail or Jailed Directory

We can create a jailed directory, or chroot jail, by running the chroot command with the path we want to use as the jail. After the chroot, the given path becomes the new root. In this example we will chroot to /home/ismail/. After the chroot, all contents of /home/ismail are presented to the process as the / root directory.

$ chroot /home/ismail /bin/bash

But keep in mind that we need two things before chrooting.

  1. We need root privileges to run the chroot command
  2. The command we want to run, and the libraries it requires, must be present inside the chrooted environment
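
Requirement 2 in practice, as an added example that is not part of the original tutorial: a shell helper that copies a program, plus the shared libraries ldd reports for it, into the jail at the same absolute paths. The function names are assumptions made for this example; /home/ismail is the jail path used on this page.

```shell
#!/bin/sh
# Added example (not from the original tutorial): fill a chroot jail with a
# program and the shared libraries it needs. Function names are assumptions.

# Print absolute paths of the shared objects a binary loads. ldd lines look like
#   libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x...)
#   /lib64/ld-linux-x86-64.so.2 (0x...)
# Static binaries print nothing. Only run ldd on binaries you trust, because
# some implementations execute the target to resolve its libraries.
list_libs() {
    ldd "$1" 2>/dev/null | awk '
        $2 == "=>" && $3 ~ /^\// { print $3; next }
        $1 ~ /^\//               { print $1 }'
}

# Copy one file into the jail at the same absolute path, following symlinks.
copy_into_jail() {
    jail=$1 src=$2
    mkdir -p "$jail$(dirname "$src")" && cp -Lf "$src" "$jail$src"
}

# Copy each named binary and every library it needs into the jail.
populate_jail() {
    jail=$1; shift
    for bin in "$@"; do
        copy_into_jail "$jail" "$bin" || return 1
        for lib in $(list_libs "$bin"); do
            copy_into_jail "$jail" "$lib" || return 1
        done
    done
}

# Print every library of a binary that is still missing from the jail.
missing_libs() {
    jail=$1 bin=$2
    for lib in $(list_libs "$bin"); do
        [ -e "$jail$lib" ] || echo "$lib"
    done
}

# Usage (as root), with the jail path from this page:
#   populate_jail /home/ismail /bin/bash /bin/ls
#   missing_libs  /home/ismail /bin/bash    # prints nothing when complete
#   chroot /home/ismail /bin/bash
```

This covers binaries and libraries only; programs that read /proc, /sys or /dev need those set up inside the jail separately.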

Specify User and User ID

We can specify the user that will own the process in the chrooted environment. We will use the --userspec option with a user name or user ID. In this example we will use the user named ismail.

$ chroot --userspec=ismail /home/ismail /bin/bash

Or we can use the user ID.

$ chroot --userspec=1001 /home/ismail /bin/bash

Specify Group and Group ID

We can also specify the group name or group ID we want to use for the chrooted process. We will use the --groups option. We can specify multiple groups by separating the group IDs or names with commas. In this example we will use the group ismail.

$ chroot --groups=ismail /home/ismail /bin/bash

Or we can use the group ID like below.

$ chroot --groups=1001 /home/ismail /bin/bash

Do Not Change Working Directory

We can also skip changing the current working directory of the chrooted process to the / root. We will use the --skip-chdir option. chroot accepts this option only when the new root is the current / root, so we will use the current root as the chrooted root.

$ chroot --skip-chdir / /bin/bash


2 thoughts on “Linux Chroot Command Tutorial with Examples”

  1. Pingback: Chroot basics | 0ddn1x: tricks with *nix
  2. It would be helpful to have a full description of the restricted environment. For example, proc, sys and dev need to be set up for a lot of useful operations: the bind mounts aren’t obvious to the casual observer!
    All the executables must be on PATH relative to $NEWROOT (right?). Saying that sort of thing ‘completes the thought’ and eliminates trial and error discovery of the mechanics of the chroot command. Just saying. I did learn some new things: that the user and group can be set.
