It's all about chroot
UNIX file system
About the Unix file system
The Unix file system is organized as a tree. The Filesystem Hierarchy Standard (FHS) defines the layout of that tree on Linux and other Unix-like systems. Everything in Unix is treated as a file, including physical devices such as DVD-ROM drives, USB devices and floppy drives.
UNIX file system hierarchy
Every Unix file system has a root ("/") directory, the base of the tree. The root directory contains subdirectories such as usr, bin, home, dev and boot, and each of these contains its own subdirectories, and so on.
This tree is known as the root file system.
Making a process treat a directory inside the existing file system as its root is known as changing root, or chroot. A process or command run in this new environment cannot reach files outside the new root by path, which is why the environment is commonly called a "jailed directory" or "chroot jail". Note that chroot only changes how paths are resolved: it does not restrict system calls, the network or other processes, and a process that keeps root privileges inside the jail can break out of it, so on its own a chroot is not a security boundary.
Advantages of chroot
- Setup test environments
- Run programs in independent environments (for example, run old programs without crashing the system)
- Reinstall a bootloader (GRUB, LILO, etc.)
- System recovery
- Password recovery
The chroot() system call
A chroot is done through the chroot() system call, which the chroot command wraps. On Linux the call requires the CAP_SYS_CHROOT capability, which unprivileged processes do not have, so in practice it is available only to root; a non-root user's chroot() call fails with EPERM. chroot() does not change the working directory, so a process should chdir("/") immediately afterwards, otherwise it still holds an open directory outside the jail.
Create a chroot environment
Here I describe the basic steps to create a jail. In another post I hope to cover how to install nginx and Apache in a chroot.
Create the isolated environment
First, create an isolated directory. This is our chroot jail directory (called jail in the rest of this post).
Chroot into the jail directory
Run the chroot command against the jail directory to enter the new environment.
The first time you run it, it fails with an error saying that chroot failed to run /bin/bash: No such file or directory.
This is because chroot looked for the bash shell under the new root and it is not there. This highlights an important property of a new root file system: it has no access to anything from the original file system, including commands.
Copy bash and its libraries into the jail
Bash lives at /bin/bash; copy it to jail/bin/bash and try chroot again.
It still fails, because bash is dynamically linked. To execute a command in a chroot environment, every shared library the command uses must also be copied into the jail, at the same path it has on the host.
Copy the dynamic libraries
You can list the shared libraries a command uses with ldd.
The list for /bin/bash depends on the distribution; on a typical x86_64 glibc system it includes libtinfo, libc and the dynamic loader /lib64/ld-linux-x86-64.so.2, each shown with its full path.
Copy these libraries into the jail's lib and lib64 directories, mirroring the paths ldd printed.
Finally it works
You are now inside the new jail, a fresh Linux root directory with nothing in it, not even the ls command.
You have to set up or install every required package in here by hand.
Copy the ls command and its libraries
Let's copy the ls command and its libraries the same way, using ldd to find them.
ls inside the jail
Now the ls command works inside our new chroot jail.
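Putting the whole procedure together (create the jail directory, copy bash and ls together with every library ldd reports for them, then enter the jail), here is an added example script that is not part of the original post. It assumes the jail directory is passed as the first argument, and the helper names jail_deps, jail_put, jail_add_binary, jail_build and jail_file_count are this example's own.

```shell
#!/bin/sh
# Build a minimal chroot jail: copy dynamically linked binaries plus every
# shared library ldd reports for them, preserving host paths (lib, lib64,
# lib/x86_64-linux-gnu, ...). Added example, not code from the original post;
# the function names below are this example's own.
set -eu

# Print the absolute paths of the shared objects a binary needs, one per line.
# Handles both "libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x...)" and
# "/lib64/ld-linux-x86-64.so.2 (0x...)"; skips the vDSO, which has no file,
# and "not found" entries. Caveat: some ldd implementations run the binary's
# loader, so only use this on binaries you trust.
jail_deps() {
    ldd "$1" | awk '$2 == "=>" && $3 ~ /^\// { print $3 }
                    $1 ~ /^\// { print $1 }'
}

# Copy one file into the jail at the same path it has on the host,
# dereferencing symlinks so the jail holds real files, not dangling links.
jail_put() {
    jail=$1; src=$2
    mkdir -p "$jail$(dirname "$src")"
    cp -L "$src" "$jail$src"
}

# Copy a binary and all of its runtime libraries into the jail.
# Never copy setuid binaries this way: inside the jail they keep their
# privileges and give a jailed process a route back to root.
jail_add_binary() {
    jail=$1; bin=$2
    jail_put "$jail" "$bin"
    for lib in $(jail_deps "$bin"); do
        jail_put "$jail" "$lib"
    done
}

# Build the jail from the post: bash first, then ls. Leaves the directory
# ready for "chroot JAIL /bin/bash". Returns 0 on success.
jail_build() {
    jail=$1
    mkdir -p "$jail"
    jail_add_binary "$jail" /bin/bash
    jail_add_binary "$jail" /bin/ls
}

# Number of regular files under the jail, to check the copy actually happened.
jail_file_count() {
    find "$1" -type f | wc -l | tr -d ' '
}

if [ $# -ge 1 ]; then
    jail_build "$1"
    echo "jail built in $1 with $(jail_file_count "$1") files"
    # Only root (CAP_SYS_CHROOT) can enter the jail; run ls non-interactively
    # as a smoke test, then tell the reader how to get a shell inside it.
    if [ "$(id -u)" -eq 0 ]; then
        chroot "$1" /bin/ls /
    fi
    echo "enter it with: sudo chroot $1 /bin/bash"
fi
```

Run it as `sh build-jail.sh ./jail`, then `sudo chroot ./jail /bin/bash`. The jail still has no /dev, /etc or /proc, so anything beyond bash and ls (name resolution, terminal settings, most daemons) needs those pieces copied or mounted in as well, and a service run inside the jail should drop root as soon as it has chrooted.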