chroot Command in Linux



chroot is a command that you can use on Linux to change the apparent root directory for the current process and its child processes. With the chroot command, you can create a separate environment for running programs, which helps prevent those programs from interacting with your regular filesystem. This encapsulated environment is often referred to as a chroot jail and is useful for tasks like product verification and software development.

If you want to create a lightweight, quick-to-deploy environment on your Linux system, you will not find a better alternative to chroot command.


Here is a comprehensive guide to the options available with the chroot command −

How to Install chroot Command in Linux?

The chroot command is part of the coreutils package, which is pre-installed on all Linux distributions. You can verify the presence of the chroot command by running the following command −

chroot --version

However, if the chroot command is unavailable, you can reinstall the coreutils package using your distribution's package manager.

On Debian-based Linux operating systems, such as Ubuntu, the apt package manager can be used to reinstall the chroot command from the coreutils package −

sudo apt install --reinstall coreutils

For other distributions, like CentOS and Fedora, you can use the yum package manager to reinstall the chroot command −

sudo yum reinstall coreutils

Syntax for chroot Command in Linux

The basic syntax for the chroot command in Linux is provided below −

chroot /path/to/new/root command

You can replace /path/to/new/root with the desired directory and command with the specific command you want to run within that modified environment.

Different Options Available for chroot Command in Linux

You can use different options or flags with the chroot command to change its behavior. These options are described in the table below −

Option        Description
--groups      Specifies supplementary groups, such as g1, g2, …, gN.
--userspec    Specifies the user and group (by name or ID) to use.
--skip-chdir  Does not change the current working directory.
--help        Displays the help and exits.
--version     Displays the version information and exits.

How to use chroot Command in Linux?

With the chroot command, you can create a mini-jail for testing. Doing this will allow you to set up a secure environment where specific commands can be run within a restricted context. To create a mini-jail using chroot command, follow the below-given steps −

Step 1 − First, create a directory on Linux using the below-given command −

mkdir $HOME/jail

Step 2 − To set up the necessary structure within the jail environment, and organize binaries and libraries effectively, create two directories: bin and lib64, inside the $HOME/jail directory.

mkdir -p $HOME/jail/{bin,lib64}

Step 3 − Now, copy the bash and ls binaries from the system’s default location (/bin/) into the bin directory within the $HOME/jail environment using −

cp -v /bin/{bash,ls} $HOME/jail/bin

The above command will populate the bin directory in the jail with essential commands for testing or other purposes.

Step 4 − Next, use the ldd command to identify required libraries −

ldd /bin/bash

Step 5 − After that, take the path of each library shown in the ldd output and use the cp command to copy these libraries to the $HOME/jail/lib64/ location. In the command below, replace the placeholder with those paths −

cp -v libraries/displayed/by/above/command $HOME/jail/lib64/

Step 6 − Once the required libraries are copied, use the following command to chroot into your mini jail −

sudo chroot $HOME/jail /bin/bash

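After this step, the shell and every program started from it see the $HOME/jail directory as their root directory and resolve all absolute paths inside it, which significantly enhances security. Keep in mind that this shell still runs as root, and a root process is not reliably confined by a chroot, so the jail is a meaningful restriction only for unprivileged processes.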
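Steps 1 to 6 as one script, as an added example that is not part of the original tutorial: it copies each binary together with every library ldd reports for it, and keeps the host paths inside the jail so the dynamic loader finds them on both lib64-style and multiarch layouts. The function names are illustrative, and the script assumes the binaries passed to it are trusted system binaries.

```shell
#!/bin/sh
# Added example, not from the original tutorial: populate a chroot jail with
# binaries plus the shared libraries they need. Function names are illustrative.

# Read `ldd` output on stdin and print the absolute path of each resolved
# library. The kernel-provided vdso and "not found" entries are skipped.
ldd_paths() {
    awk '$2 == "=>" && $3 ~ /^\// { print $3 }
         $1 ~ /^\//               { print $1 }'
}

# Read `ldd` output on stdin and print the names of unresolved libraries.
ldd_missing() {
    awk '$2 == "=>" && $3 == "not" { print $1 }'
}

# Copy one file into the jail at the same absolute path it has on the host.
copy_into_jail() {   # usage: copy_into_jail JAIL /abs/path
    mkdir -p "$1$(dirname "$2")" && cp -L "$2" "$1$2"
}

# Copy each binary and its libraries; fail if any library is unresolved.
populate_jail() {    # usage: populate_jail JAIL /bin/bash /bin/ls ...
    jail=$1; shift
    for bin in "$@"; do
        # Only run ldd on binaries you trust: it may execute code from the file.
        deps=$(ldd "$bin") || return 1
        missing=$(printf '%s\n' "$deps" | ldd_missing)
        [ -z "$missing" ] || { echo "unresolved for $bin: $missing" >&2; return 1; }
        copy_into_jail "$jail" "$bin" || return 1
        printf '%s\n' "$deps" | ldd_paths | while read -r lib; do
            copy_into_jail "$jail" "$lib" || exit 1
        done || return 1
    done
}

# Typical use, mirroring Steps 1 to 6:
#   populate_jail "$HOME/jail" /bin/bash /bin/ls
#   sudo chroot "$HOME/jail" /bin/bash
```

Because ldd is run for every binary passed in, the libraries needed by ls are copied as well as those needed by bash.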

You can also specify a user and group for the chroot environment using the --userspec option. For instance −

sudo chroot --userspec=user:group $HOME/jail /bin/bash

Replace user and group with the desired user and group names or IDs.

Further, if you want to execute a command with supplementary groups, you can use the --groups option. For example −

sudo chroot --groups=g1,g2 $HOME/jail /bin/bash

Replace g1 and g2 with the actual group names or IDs.

Conclusion

chroot is a powerful tool that is used for creating isolated environments, system recovery, or testing purposes. This tutorial covered the basics of the chroot command and provided the syntax and a description of the different options that can be used with it. After that, we explained the use of the chroot command through an example of creating a mini jail for testing purposes. Remember to use this command wisely and adapt it to your specific needs.
