What is chroot jail and How to Use it?

April 15, 2021

Introduction

The term chroot jail dates all the way back to 1992 and is frequently used today. But what does this term mean, and what is this operation used for?

In this tutorial, we will cover the basics of using chroot jails and show you how you can set one up.

What is chroot jail and how to use it

Prerequisites

  • A system running a Linux or Unix operating system
  • A user account with sudo-level privileges
  • Access to the terminal/command line

What Is chroot jail?

A chroot (short for change root) is a Unix operation that changes the apparent root directory to the one specified by the user.

Any process you run after a chroot operation only has access to the newly defined root directory and its subdirectories. This operation is colloquially known as a chroot jail since these processes cannot read or write outside the new root directory.

What Is chroot jail Used for?

Chroot jail is used to create a limited sandbox for a process to run in. This means a process cannot maliciously change data outside the prescribed directory tree.

Another use for chroot jails is as a substitute for virtual machines. This method is called kernel-level virtualization and requires fewer resources than virtual machines. This operation allows users to create multiple isolated instances on the same system.

How to Use chroot jail

This example takes you through creating and setting up chroot jail so it can run bash and ls commands.

Follow these steps:

1. Create a new directory called chroot_jail:

mkdir chroot_jail

If we try to chroot into the new directory, we get the following output:

The result of an unsuccessful chroot attempt

You must enable the bash command before you can chroot into the new directory. This requires copying the command file and all associated libraries into the new root directory.

2. Create a new subdirectory tree inside chroot_jail:

mkdir -p chroot_jail/bin chroot_jail/lib64/x86_64-linux-gnu chroot_jail/lib/x86_64-linux-gnu

These subdirectories will store all the necessary elements of the bash and ls commands.

3. Using the cp command with the which command lets copy bash and ls commands without specifying the path you are copying from.

To do so, use:

cp $(which ls) chroot_jail/bin/
cp $(which bash) chroot_jail/bin/

Note: If your bash or ls command are aliased, you need to unalias them before copying. Use unalias [command], where [command] is the name of the command you want to unalias.

4. For bash and ls to work in the new root folder,  add all associated libraries to chroot_jail/libraries. Use the ldd command to find out which libraries are associated with which command:

ldd $(which bash)
ldd $(which ls)
Listing the libraries associated with the bash and ls commands

5. Copy the appropriate libraries to the chroot_jail subdirectories lib and lib64.

For the bash command:

cp /lib/x86_64-linux-gnu/libtinfo.so.6 chroot_jail/lib/x86_64-linux-gnu/
cp /lib/x86_64-linux-gnu/libdl.so.2 chroot_jail/lib/x86_64-linux-gnu/
cp /lib/x86_64-linux-gnu/libc.so.6 chroot_jail/lib/x86_64-linux-gnu/
cp /lib64/ld-linux-x86-64.so.2 chroot_jail/lib64/

For the ls command:

cp /lib/x86_64-linux-gnu/libselinux.so.1 chroot_jail/lib/x86_64-linux-gnu/
cp /lib/x86_64-linux-gnu/libc.so.6 chroot_jail/lib/x86_64-linux-gnu/
cp /lib/x86_64-linux-gnu/libpcre2-8.so.0 chroot_jail/lib/x86_64-linux-gnu/
cp /lib/x86_64-linux-gnu/libdl.so.2 chroot_jail/lib/x86_64-linux-gnu/
cp /lib64/ld-linux-x86-64.so.2 chroot_jail/lib64/
cp /lib/x86_64-linux-gnu/libpthread.so.0 chroot_jail/lib/x86_64-linux-gnu/

6. Use the chroot command to change the root to the chroot_jail directory:

sudo chroot chroot_jail
Successfully chrooting into the new root directory

Note: Changing the root to the chroot_jail directory starts a new instance of the bash shell.

Use the ls command to list all the files and directories in the new root directory tree:

ls -R
Listing the files and folders in the new root directory

7. Once you are done using the new root folder, exit the shell:

exit

Conclusion

After following this tutorial, you should be able to set up a chroot jail, along with the necessary resources to run processes and commands in the new root directory.

For more information on Linux commands, check out our Linux Command Cheat Sheet.

Was this article helpful?
YesNo
Aleksandar Kovačević
With a background in both design and writing, Aleksandar Kovacevic aims to bring a fresh perspective to writing for IT, making complicated concepts easy to understand and approach.
Next you should read
man Command in Linux with Examples
November 27, 2024

The man command is a built-in Linux utility that allows users to search for any available command and...
Read more
How to Use the usermod Command in Linux
March 4, 2021

The usermod command modifies user account details: username, password, home directory location, shell, and…
Read more
How To Use The Passwd Command In Linux
January 26, 2021

Passwords are the most important feature of security. This article explains and shows examples of how to use...
Read more
How to Use the hostname Command in Linux
October 8, 2020

The Linux hostname command lets you view your computer's domain, hostname, and IP address. You can also use it...
Read more