Linux/Unix: chroot Command

What are the chroot commands?

The "chroot command" is a Unix/Linux command. It is used to change the root directory to a new directory in the Linux/Unix operating system. The new directory is known as chroot jail and jail directory. It is an effective and simple command for the user toolset. Once you are inside two root directories, you cannot use any directory above it. If you create a fake root-directory for a user, it loses access to the real root directory.

Usually, the following changes are made to the root for system maintenance:

  1. Increase security using the ring-fencing mechanism
  2. Restart bootloader files on your system
  3. Create a test environment for software testing
  4. Password reset

Syntax of chroot command

The chroot command in Linux has the following syntax.

S. Nochroot command Syntax
1.chroot / path / to / new / root / path / to / server
2.chroot / path / to / new / root command
3.chroot [options] / path / to / new / root / path / to / server

The chroot command requires a parameter to run the command, and this parameter gives way to the new root directory. You can use these available options to get the result you want.

Option:

  • -userspec = (USER:GROUP): This option describes the group and user on which you want to use the chroot command. A number id or name can be used to define a group and user.
  • -groups = G_LIST: It is used to define the complementary groups, like G1, G2, G3, G4, G5,…, Gn.
  • -help: This option is used to show a help message.
  • -version: This option is used to show the detail of the given version.

Creating a chroot.jail

A chroot jail is a virtual directory. It is created by converting the root directory to a new directory. It acts as a dummy root directory for your chroot jail.

1. Create a Directory

In this command, first we create a fake root directory using the mkdir command. This command is shown below.


Linux/Unix: chroot Command

This command creates a directory at the given address that we use for the chroot jail directory, and before running this command, we add the required files to the new directory.

2. To add Required Root Directories in chroot jail

Firstly, in this command, we create the required directories (/ bin, / lib, and / lib64) in the chroot jail directory. The required directories are specified in the bracket ("{}"), as you can see in the below command syntax.


Linux/Unix: chroot Command

3. Move the Binary Files

We create a minimalistic Linux environment for this command, and we use the ls, bash touch, and rm commands to enhance the functionality of the virtual environment.


Linux/Unix: chroot Command

Note: In this command, we use the cp command and the -v tag to see what is being copied at that time.

4. To find the Command Dependencies

We can find out the dependency of a command using the ldd command. Now, we'll copy directories one by one in our chroot jail using the cp command. We check the copy of all dependency libraries. If there is a problem with dependency libraries, chroot jail will not run properly.



Linux/Unix: chroot Command

We will repeat these steps inside the Chroot jail with all the commands we want to allow.