Chroot Linux command with examples

Chroot command with examples on Linux

This tutorial will explain the chroot Linux command using real examples.

The chroot Linux command is a shorthand for “change root”. We use it to change the apparent root directory for a running process and its children. Chroot runs a command with a specified root directory and is executed by the superuser, commonly known as the root user on many Linux systems. In the following paragraphs, we will explain the syntax of the command, describe the options within the command in more detail, and show you real-life examples used daily by Linux system administrators.

Prerequisites

  • A server running Ubuntu 22.04 or any Linux OS (CentOS, Debian, or AlmaLinux)
  • User privileges: root or non-root user with sudo privileges

Chroot Linux Syntax

The syntax of the chroot command is the following one:

chroot option newroot [command [args]…]

Chroot changes the root directory to the newroot directory on the server, which must exist. It then changes the working directory to / and finally runs the command with optional arguments. We go over this in more detail in the following paragraphs:

Chroot Linux Options

The chroot command accepts a couple of options:

  • –groups=groups: The group option overrides the supplementary group used by the new process. If we want to disable the supplementary group, we need to use –groups=” and separate them by commas.
  • –userspec=user[:group]: This option is to run the command with a different user and/or with a different group. If the user is specified, then the groups are set according to the system-defined list for that user.
  • –skip-chdir: Using this option will not change the working directory to / after changing the root directory to newroot inside the chroot. Remember that this option is permitted only when the newroot is some old directory on the server.

Chroot Linux Examples

We already mentioned in the previous paragraphs that chroot changes the root directory of the running process with its children. It is good to know, that this modifies the environment of the process and the process can not access the files outside the root directory. This modified directory is called chroot jailed directory.

Let’s proceed with a real example and create a new jailed root directory on our server located in the home directory.

mkdir -p /home/jail/

Once the directory is created, we have to create a couple of directories from the / directory. Let’s first list the content of / directory:

ls -al /

You should receive the following output:

root@host:/# ls -al /
total 76
drwxr-xr-x  20 root root  4096 Mar  2 04:13 .
drwxr-xr-x  20 root root  4096 Mar  2 04:13 ..
lrwxrwxrwx   1 root root     7 Aug  9  2023 bin -> usr/bin
drwxr-xr-x   3 root root  4096 Mar  2 04:12 boot
dr-xr-xr-x   2 root root  4096 Aug 10  2023 cdrom
drwxr-xr-x  19 root root  3960 Mar  2 08:29 dev
drwxr-xr-x 107 root root  4096 Mar  2 04:14 etc
drwxr-xr-x   2 root root  4096 Jan 16 04:29 home
lrwxrwxrwx   1 root root     7 Aug  9  2023 lib -> usr/lib
lrwxrwxrwx   1 root root     9 Aug  9  2023 lib32 -> usr/lib32
lrwxrwxrwx   1 root root     9 Aug  9  2023 lib64 -> usr/lib64
lrwxrwxrwx   1 root root    10 Aug  9  2023 libx32 -> usr/libx32
drwx------   2 root root 16384 Jan 16 04:22 lost+found
drwxr-xr-x   2 root root  4096 Aug  9  2023 media
drwxr-xr-x   2 root root  4096 Aug  9  2023 mnt
drwxr-xr-x   3 root root  4096 Mar  4 08:15 opt
dr-xr-xr-x 172 root root     0 Mar  2 08:29 proc
drwx------   6 root root  4096 Mar  4 07:55 root
drwxr-xr-x  31 root root   920 Mar  4 08:16 run
lrwxrwxrwx   1 root root     8 Aug  9  2023 sbin -> usr/sbin
drwxr-xr-x   6 root root  4096 Aug  9  2023 snap
drwxr-xr-x   2 root root  4096 Aug  9  2023 srv
dr-xr-xr-x  13 root root     0 Mar  2 08:29 sys
drwxrwxrwt  13 root root  4096 Mar  4 08:09 tmp
drwxr-xr-x  14 root root  4096 Aug  9  2023 usr
drwxr-xr-x  14 root root  4096 Mar  2 04:13 var

Now, let’s choose one directory from this list, for example, bin, and create it into the new jailed root:

mkdir -p /home/jail/bin/

After creation, copy bash from /bin to the new jail root /home/jail/bin/

rsync -Waq /bin/bash /home/jail/bin
Next is to copy the required libraries into the /home/jail/. To check those libraries execute the following command:
ldd /bin/bash

Copy them into the /home/jail/lib64/

rsync -Waq /lib/x86_64-linux-gnu/libtinfo.so.6 /lib/x86_64-linux-gnu/libc.so.6 /lib64/ld-linux-x86-64.so.2 /home/jail/lib64

Next is to chroot to the new jailed directory:

chroot /home/jail/ /bin/bash

That’s it. Now, the user sees the /home/jail directory as its root directory. Of course, you do not have to create jailed roots alone. Sign up for one of our NVMe VPS plans and submit a support ticket. Our admins will help you with any aspect of this. Feel free to contact us. We are available 24/7.

PS. If you liked this post about the chroot Linux commands with examples, please share it with your friends on social networks or comment in the comments section. Thank you.

Leave a Comment