Linux Chroot Command Tutorial with Examples – POFTUT

Linux provides different mechanisms for practical and security reasons, and chroot is one of them. By default a process in Linux can reach the whole file system starting from the / root. The Linux kernel also provides the chroot mechanism, which changes the root directory a process sees so that it can only reach the part of the file system below the new root.

Syntax

The chroot syntax is like below.

  chroot [OPTION] NEWROOT [COMMAND [ARG]...]

  • OPTION is a chroot option (for example --userspec, --groups or --skip-chdir)
  • NEWROOT is the directory that becomes the new root
  • COMMAND is the command we want to run inside the chrooted directory

Chroot Jail or Jailed Directory

We can create a jailed directory, also called a chroot jail, just by running the chroot command with the path we want to use as the jail. After the chroot, the given path becomes the new root. In this example we will chroot into /home/ismail. After the chroot, the contents of /home/ismail are served as the / root directory to the chrooted process.

But keep in mind that before chrooting we need two things.

  1. We need root privileges to run the chroot command
  2. We must copy the command we want to run, and the shared libraries it needs, into the chrooted environment, because the process can no longer reach anything outside the new root

Specify User and User ID

We can specify the user we want to use in the chrooted environment as the process owner. We will use the --userspec option with a user name or user ID. In this example we will use the user named ismail.

Or we can use the user ID instead of the name.

Specify Group and Group ID

We can also specify the group name or group ID we want to use for the chrooted process. We will use the --groups option. We can specify multiple groups by separating the group IDs or names with commas. In this example we will use the group ismail.

Or we can use the group ID like below.

Do Not Change Working Directory

We can also keep the current working directory of the chrooted process instead of changing it to the new / root. We will use the --skip-chdir option. It is only accepted when NEWROOT is the current root directory /, so in this case the root stays the same and only the working directory is preserved.
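Putting the steps above together (root privileges, the program and its libraries inside the jail, --userspec and --groups to run the jailed process as an unprivileged user), here is an added shell script that is not from the POFTUT page or from coreutils. It copies a program and the libraries that ldd reports into a jail directory, checks that the jail is complete before it is used, and only then calls chroot. The helper names jail_prepare, jail_check and jail_run, the jail path /srv/jail in the usage note, and the reliance on GNU coreutils chroot together with a glibc or musl ldd are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the POFTUT page): build, verify and enter a minimal
# chroot jail. Assumptions: GNU coreutils chroot, an ldd that prints one
# library per line, and a dynamically linked program such as /bin/sh.
set -eu

# Print the absolute library paths the dynamic loader needs for PROGRAM.
# A statically linked program yields nothing (ldd then exits non-zero).
jail_libs() {
  ldd "$1" 2>/dev/null | awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) print $i }' || true
}

# Copy PROGRAM and its libraries into JAIL, keeping the same paths under it,
# so the loader inside the jail finds them where it expects them.
jail_prepare() {
  jail=$1; prog=$2
  for f in "$prog" $(jail_libs "$prog"); do
    mkdir -p "$jail$(dirname "$f")"
    cp -L "$f" "$jail$f"          # -L: copy the target of symlinked libraries
  done
}

# Return 0 when every file PROGRAM needs is present in JAIL, 1 otherwise,
# naming each missing file. Run this before trusting the jail.
jail_check() {
  jail=$1; prog=$2; missing=0
  for f in "$prog" $(jail_libs "$prog"); do
    if [ ! -e "$jail$f" ]; then
      echo "missing in jail: $f" >&2
      missing=1
    fi
  done
  return $missing
}

# Enter JAIL as USER (name or ID) with supplementary GROUPS and run PROGRAM.
# Needs root, because chroot(2) is a privileged call. chroot only narrows the
# file-system view; a process that keeps root inside the jail is not securely
# confined, so --userspec is used to drop to an unprivileged user.
jail_run() {
  jail=$1; user=$2; groups=$3; prog=$4; shift 4
  chroot --userspec="$user" --groups="$groups" "$jail" "$prog" "$@"
}

# Command-line entry point:
#   sh jail.sh prepare JAIL PROG
#   sh jail.sh check   JAIL PROG
#   sh jail.sh run     JAIL USER GROUPS PROG [ARGS...]
# With no arguments the file only defines the functions above.
case "${1:-}" in
  prepare) jail_prepare "$2" "$3" ;;
  check)   jail_check "$2" "$3" ;;
  run)     shift; jail_run "$@" ;;
esac
```

A typical session is `sh jail.sh prepare /srv/jail /bin/sh`, then `sh jail.sh check /srv/jail /bin/sh`, and finally `sudo sh jail.sh run /srv/jail ismail ismail /bin/sh`. The check step is what turns "command not found" or "no such file" surprises inside the jail into a clear list of missing files beforehand; the --userspec step matters because chroot restricts the file-system view only, and a process that remains root inside the jail is not securely contained by it.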

2 Responses

  1. Chris says (29/07/2017):

    It would be helpful to have a full description of the restricted environment. For example, proc, sys and dev need to be set up for a lot of useful operations: the bind mounts aren’t obvious to the casual observer!
    All the executables must be on PATH relative to $NEWROOT (right?). Saying that sort of thing ‘completes the thought’ and eliminates trial and error discovery of the mechanics of the chroot command. Just saying. I did learn some new things: that the user and group can be set.
