
chroot command in Linux with examples

Last Updated : 06 Sep, 2024

The ‘chroot’ command in Linux and Unix-like systems is used to change the root directory for the currently running process and its child processes. This change creates a restricted environment, often referred to as a “chroot jail” or “jailed directory,” where processes are limited to accessing only files within the new root directory. This is particularly useful for testing, recovering a system, enhancing security, and reinstalling system components like the bootloader.

How Does the ‘chroot’ Command Work?

In a typical Linux/Unix environment, each process has a root directory (/), the starting point from which its absolute paths are resolved. By using the ‘chroot’ command, you can change this root directory for a specific process and its children, effectively isolating them from the rest of the system. This means that the process cannot access files or directories outside of this new root by path, providing an added layer of security and control.

The ‘chroot’ command is useful for:

  • Creating a Test Environment: Developers can create a safe, isolated environment to test software without risking damage to the main system.
  • System Recovery: chroot can be used to recover a broken system, such as resetting a forgotten password or repairing file systems.
  • Reinstalling the Bootloader: If the bootloader is corrupted, chroot allows you to access the system environment to reinstall or repair it.

Syntax:

chroot /path/to/new/root command

or,

chroot /path/to/new/root /path/to/server

or,

chroot [options] /path/to/new/root /path/to/server

Options for the ‘chroot’ Command

  • --userspec=USER:GROUP : Specifies the user and group to run the command as. Either a name or a numeric ID can be used for the user and the group.
  • --groups=G_LIST : Specifies the supplementary groups as g1,g2,..,gN.
  • --help : Shows the help message and exits.
  • --version : Shows version information and exits.

chroot command Example in Linux

Let us look at an example of chroot command in Linux to better understand the concept.

Step 1: Create the Chroot Directory

We will create a mini-jail with bash and basic commands only. Let’s create a “jail” directory inside the “home” directory, which will be our new root.

$ mkdir $HOME/jail

Step 2: Set Up the Directory Structure

Create directories inside “$HOME/jail”:

$ mkdir -p $HOME/jail/{bin,lib64}
$ cd $HOME/jail

Step 3: Copy Essential Binaries

Copy ‘/bin/bash’ and ‘/bin/ls’ into ‘$HOME/jail/bin/’ location using ‘cp’ command:

$ cp -v /bin/{bash,ls} $HOME/jail/bin

Step 4: Identify Required Shared Libraries

Use ‘ldd’ command to print shared libraries:

$ ldd /bin/bash

Step 5: Copy Required Libraries

Copy required libraries into ‘$HOME/jail/lib64/’ location using ‘cp’ command:

cp -v libraries/displayed/by/above/command $HOME/jail/lib64

Similarly, copy the libraries of ‘ls’ command into ‘$HOME/jail/lib64’ location.

Step 6: Enter the Chroot Environment

Finally, chroot into your mini-jail:

$ sudo chroot $HOME/jail /bin/bash

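The shell now sees ‘$HOME/jail’ as its root directory and cannot reach files outside it by path. This improves isolation, but the shell started above still runs as root, and a root process can break out of a chroot, so when the goal is confinement, start the jailed program as an unprivileged user with the ‘--userspec’ option.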
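
Steps 2 to 5 can be scripted. The script below is an added example, not part of the original article: it copies each binary and every library that ‘ldd’ reports into the jail at the same absolute path as on the host, instead of flattening everything into ‘lib64’, so it also works on distributions that keep libraries elsewhere. The function names and the script name ‘mkjail.sh’ are hypothetical.

```shell
#!/bin/sh
# Added example: fill a chroot jail with binaries plus the libraries ldd lists.
# Run ldd only on binaries you trust; it can execute code from the file.

# Read `ldd` output on stdin and print the absolute library paths it names.
# Skips linux-vdso (no file on disk) and "not found" entries.
ldd_paths() {
    awk '
        /=> \//    { print $3; next }  # libc.so.6 => /lib/.../libc.so.6 (0x..)
        $1 ~ /^\// { print $1 }        # /lib64/ld-linux-x86-64.so.2 (0x..)
    ' | LC_ALL=C sort -u
}

# Copy one file into the jail at the same absolute path it has on the host,
# following symlinks (-L) so the jail holds real files, not dangling links.
copy_into_jail() {
    jail=$1; src=$2
    mkdir -p "$jail$(dirname "$src")" && cp -L "$src" "$jail$src"
}

# Install one binary and every shared library it is linked against.
install_binary() {
    jail=$1; bin=$2
    copy_into_jail "$jail" "$bin" || return 1
    ldd "$bin" | ldd_paths | while read -r lib; do
        copy_into_jail "$jail" "$lib" || exit 1   # exits the pipeline subshell
    done
}

# build_jail JAIL_DIR BINARY...
build_jail() {
    jail=$1; shift
    for bin in "$@"; do
        install_binary "$jail" "$bin" || return 1
    done
}

# Runs only when arguments are given, e.g.:
#   sh mkjail.sh "$HOME/jail" /bin/bash /bin/ls   (mkjail.sh is a hypothetical name)
if [ "$#" -ge 2 ]; then
    build_jail "$@"
fi
```

After the script finishes, enter the jail with the command from Step 6.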

Conclusion

The ‘chroot’ command is a powerful utility in Linux/Unix systems, providing a way to create isolated environments that enhance security, support system recovery, and facilitate testing. By limiting processes to a defined “jail,” chroot helps protect the main system from unwanted access and modifications.

