
Explain: What is CHROOT on Linux?

December 22, 2010

Posted by Tournas Dimitrios in Linux.

One of the mount points in a GNU/Linux system is the root mountpoint (usually referred to as ‘/’). This is the root of the entire file system and any file or directory on the machine can be referenced from this point.

The chroot command ‘changes the root’ to another location. Why would you want to do that? One of the more popular reasons is to create a sandbox for either an application or a user. Once a new root is declared via chroot, any references that a user or application makes to ‘/’ will resolve to the new directory. This is a pretty effective way to restrict access to the real root and therefore the real file system. In fact, the act of chrooting is sometimes referred to as jailing, and a chrooted shell is referred to as a jail shell.


chroot /home/john

This changes the root of my file system to /home/john. From now on, references like:

nano /textfile

will cause nano (a text editor) to open the file textfile in the /home/john directory.

Arguably, the chroot command is much more useful on a server to contain bad programs or users, but home users should be aware of chroot’s function.

The executables you want to use must be in the chroot directory. Example: chroot /home/john will try to execute $SHELL, like /bin/bash, if no command is given. This means /home/john/bin/bash and its support files must exist. Run ldd /bin/bash to find out which shared libraries must exist. Also run info chroot on any Linux system for a good example.
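The step above as a small shell helper (an added example, not from the original post): it copies a program and every library ldd lists for it into the new root, then reports anything still missing. The function names jail_deps, jail_add and jail_missing are made up for this example, and it assumes absolute paths to the binaries.

```shell
#!/bin/sh
# Added example: populate a chroot directory with a program and the shared
# libraries that ldd reports for it. Only run ldd on binaries you trust,
# since it can execute code from the file it inspects.
#
# Usage (as root), with the directory from the text:
#   jail_add /home/john /bin/bash && chroot /home/john /bin/bash

# Print the absolute path of every shared object ldd lists for binary $1.
jail_deps() {
    # ldd lines look like "libc.so.6 => /lib/.../libc.so.6 (0x...)" or
    # "/lib64/ld-linux-x86-64.so.2 (0x...)"; vdso entries carry no path.
    # A static binary makes ldd fail, which simply yields an empty list.
    ldd "$1" 2>/dev/null | awk '
        $2 == "=>" && $3 ~ /^\// { print $3; next }
        $1 ~ /^\//               { print $1 }' | sort -u
}

# Copy binary $2 and its libraries into jail $1, keeping the same paths,
# so that /bin/bash ends up as <jail>/bin/bash.
jail_add() {
    jail=$1
    bin=$2
    [ -x "$bin" ] || { echo "not executable: $bin" >&2; return 1; }
    for f in "$bin" $(jail_deps "$bin"); do
        mkdir -p "$jail$(dirname "$f")"
        cp -L "$f" "$jail$f"    # -L: copy the file a symlink points to
    done
}

# List files that binary $2 needs but that do not exist inside jail $1.
# Empty output means chroot should be able to start the program.
jail_missing() {
    for f in "$2" $(jail_deps "$2"); do
        [ -e "$1$f" ] || echo "$f"
    done
}
```

Run jail_missing before chroot: a missing library otherwise shows up only as a confusing "No such file or directory" error for a binary that clearly exists.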


