The term chroot jail dates back to 1992 and is frequently used today. But what does this term mean and what is this operation used for?
In this tutorial, we’ll cover the basics of using chroot jails and show you how you can set one up.
Prerequisites
- A system running a Linux or Unix operating system
- A user account with sudo-level privileges
- Terminal/command line access
What is a chroot jail?
A chroot (short for change root) is a Unix operation that changes the apparent root directory to the one specified by the user.
Any process that runs after a chroot operation has access only to the newly defined root directory and its subdirectories. This operation is colloquially known as a chroot jail since these processes cannot read or write outside the new root directory.
What is a chroot jail used for?
A chroot jail is used to create a limited sandbox for a process to run in. This means that a process cannot maliciously change data outside the prescribed directory tree.
Another use for chroot jails is as a substitute for virtual machines. This method is called kernel-level virtualization and requires fewer resources than virtual machines. This operation allows users to create multiple isolated instances on the same system.
How to use a chroot jail
This example walks you through creating and configuring a chroot jail so that you can run the bash and ls commands.
Follow these steps:
1. Create a new directory named chroot_jail:
    mkdir chroot_jail
If we try to chroot into the new directory now, the attempt fails, because the new root does not yet contain the bash command. You must make the bash command available there before you can chroot into the new directory. This requires copying the command file and all associated libraries to the new root directory.
2. Create a new subdirectory tree within chroot_jail:
    mkdir -p chroot_jail/bin chroot_jail/lib64/x86_64-linux-gnu chroot_jail/lib/x86_64-linux-gnu
These subdirectories will store all the necessary elements of the bash and ls commands.
3. Using the cp command with the which command allows you to copy the bash and ls commands without specifying the path from which you are copying. To do this, use:
    cp $(which ls) chroot_jail/bin/
    cp $(which bash) chroot_jail/bin/
4. For bash and ls to work in the new root folder, add all associated libraries to the chroot_jail library directories. Use the ldd command to find out which libraries are associated with which command:
    ldd $(which bash)
    ldd $(which ls)
5. Copy the appropriate libraries to the chroot_jail subdirectories lib and lib64.
For the bash command:
    cp /lib/x86_64-linux-gnu/libtinfo.so.6 chroot_jail/lib/x86_64-linux-gnu/
    cp /lib/x86_64-linux-gnu/libdl.so.2 chroot_jail/lib/x86_64-linux-gnu/
    cp /lib/x86_64-linux-gnu/libc.so.6 chroot_jail/lib/x86_64-linux-gnu/
    cp /lib64/ld-linux-x86-64.so.2 chroot_jail/lib64/
For the ls command:
    cp /lib/x86_64-linux-gnu/libselinux.so.1 chroot_jail/lib/x86_64-linux-gnu/
    cp /lib/x86_64-linux-gnu/libc.so.6 chroot_jail/lib/x86_64-linux-gnu/
    cp /lib/x86_64-linux-gnu/libpcre2-8.so.0 chroot_jail/lib/x86_64-linux-gnu/
    cp /lib/x86_64-linux-gnu/libdl.so.2 chroot_jail/lib/x86_64-linux-gnu/
    cp /lib64/ld-linux-x86-64.so.2 chroot_jail/lib64/
    cp /lib/x86_64-linux-gnu/libpthread.so.0 chroot_jail/lib/x86_64-linux-gnu/
6. Use the chroot command to change the root to the chroot_jail directory:
    sudo chroot chroot_jail
Use the ls command to list all files and directories in the new root directory tree:
    ls -R
7. Once you have finished using the new root folder, exit the shell:
    exit
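Steps 2 to 5 can be scripted so that the library list comes from ldd on your own system rather than from fixed paths, which differ between distributions and versions. The following is an added example, not part of the original tutorial; the function names parse_ldd, jail_libs, jail_add and jail_missing are hypothetical helpers.

```shell
#!/bin/sh
# Added example: fill a chroot jail from ldd output instead of hardcoded paths.

# Read ldd output on stdin; print the absolute path of each resolved library.
parse_ldd() {
    awk '
        $2 == "=>" { if ($3 ~ /^\//) print $3; next }  # libc.so.6 => /path (0x..)
        $1 ~ /^\// { print $1 }                        # /lib64/ld-linux-... (0x..)
    '
}

# Libraries a binary needs, one path per line (empty for static binaries).
jail_libs() {
    ldd "$1" 2>/dev/null | parse_ldd
}

# Copy a command into <jail>/bin and its libraries to the same paths they
# have on the host, so the dynamic loader finds them after chroot.
jail_add() {
    jail=$1
    bin=$(command -v "$2") || { echo "not found: $2" >&2; return 1; }
    case $bin in /*) ;; *) echo "not a file: $2" >&2; return 1 ;; esac
    mkdir -p "$jail/bin"
    cp -Lf "$bin" "$jail/bin/"
    for lib in $(jail_libs "$bin"); do
        mkdir -p "$jail$(dirname "$lib")"
        cp -Lf "$lib" "$jail$lib"
    done
}

# Print libraries the command needs that are absent from the jail.
jail_missing() {
    jail=$1
    for lib in $(jail_libs "$(command -v "$2")"); do
        [ -e "$jail$lib" ] || echo "$lib"
    done
    return 0
}

# Usage (jail path and commands as in the tutorial):
#   jail_add chroot_jail bash && jail_add chroot_jail ls
#   jail_missing chroot_jail bash      # no output means nothing is missing
#   sudo chroot chroot_jail /bin/bash
```

chroot does not confine a process that keeps root privileges inside the jail, so run untrusted programs there as an unprivileged user.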
Conclusion
After following this tutorial, you should be able to configure a chroot jail, along with the resources needed to run processes and commands in the new root directory.