It's all about Chroot

UNIX file system

About unix file system

The Unix file system is organized as a tree structure. The Filesystem Hierarchy Standard (FHS) defines the structure of file systems on Unix. Everything in Unix is considered to be a file, including physical devices such as DVD-ROMs, USB devices, floppy drives, etc.

UNIX file system hierarchy

Every Unix file system has a root ("/") directory. This is the base of the file system. The root directory contains subdirectories like usr, bin, home, dev and boot. Each of these directories contains its own subdirectories, and so on.

This file system is known as the root file system.

Chroot

About chroot

Creating a new root file system inside an existing file system is known as change root, or chroot. A process/command that is run in this new environment cannot access files outside the new root directory. This modified environment is commonly known as a "jailed directory" or "chroot jail".

Advantages of chroot

  1. Set up test environments
  2. Run programs in independent environments (for example, run old programs without crashing the system)
  3. Reinstall the bootloader (grub, lilo, etc.)
  4. System recovery
  5. Password recovery

Chroot() system call

Chroot is done via the chroot() system call. The chroot() system call is only available to the root user. A non-root user cannot execute a chroot() call.

Create chroot environment

Here I'm going to describe the basic steps to create a jail. In another post I hope to cover how to install nginx and apache with chroot.

Create isolated environment

First we need to create an isolated directory. This is our chroot jail directory.

Chroot the jail directory

Create the chroot environment in the jail directory.

The first time you execute this command, it gives the following error

This is because chroot wasn't able to find the bash shell. This highlights an important concept of creating a new root file system. The new file system has no access to anything from the original file system, including any commands.

Copy bash and libraries to jail directory

Bash exists at /bin/bash. Copy it to jail/bin/bash and try to chroot again.

It is still failing. This is due to the dynamic libraries used by /bin/bash. To execute a command in a chroot environment, all dynamic libraries used by the command must also be copied to the chroot jail.

Copy dynamic libraries

You can view the libraries used by a command via

The following are the libraries used by the /bin/bash command.

Copy these libraries to the new jail environment's lib and lib64 directories

Finally it works

Now you are in a new jail environment. This is a fresh Linux root directory. It has nothing in it, not even the ls command.

You have to set up/install all the required packages manually here.

Copy ls command and libraries

Let's copy the ls command and its libraries

ls inside jail

Now the ls command should work inside our new chroot jail
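
The whole procedure above (create the jail directory, copy a command, copy its dynamic libraries, then chroot) can be scripted. The following is an added example, not the commands from the original post; the function names, the jail path and the use of ldd to list libraries are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
# Usage (the jail path is an assumption; binaries must be absolute paths):
#   build_jail "$HOME/jail" /bin/bash /bin/ls
#   sudo chroot "$HOME/jail" /bin/bash

# list_libs BINARY: print the absolute path of every shared library that
# ldd reports for BINARY. ldd lines look like "name => /path (addr)" or
# "/path (addr)" for the loader; linux-vdso has no file and is skipped.
# Only run ldd on binaries you trust: it can end up executing their code.
list_libs() {
    ldd "$1" 2>/dev/null |
        awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) print $i }' | sort -u
}

# copy_with_libs JAIL BINARY: copy BINARY and its libraries into JAIL,
# keeping the original paths (/bin, /lib, /lib64, ...) so the dynamic
# loader still finds them once JAIL becomes the root directory.
copy_with_libs() {
    jail=$1
    bin=$2
    [ -x "$bin" ] || { echo "not executable: $bin" >&2; return 1; }
    { echo "$bin"; list_libs "$bin"; } | while read -r f; do
        mkdir -p "$jail$(dirname "$f")"
        cp -L "$f" "$jail$f"    # -L: copy the file a symlink points to
    done
}

# build_jail JAIL BINARY...: create JAIL and populate it with each BINARY.
build_jail() {
    jail=$1
    shift
    mkdir -p "$jail"
    for b in "$@"; do
        copy_with_libs "$jail" "$b" || return 1
    done
}

# missing_libs JAIL BINARY: print libraries BINARY needs that JAIL lacks.
# Empty output means chroot should no longer fail on a missing library.
missing_libs() {
    list_libs "$2" | while read -r lib; do
        [ -e "$1$lib" ] || echo "$lib"
    done
}
```

Running missing_libs before chroot shows which libraries are still absent, which is the cause of the second failure described above.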
