The Linux Chroot Command

Every process running on a Linux system has a root directory, the directory its absolute paths start from. When you need to change the root directory, chroot is the command to use. The chroot command changes the root directory of a process and its children. Once the root directory is changed, the process can no longer access files in directories outside the new root. The chroot command is useful when you need to reset a forgotten password or reinstall the boot loader of your system.

Before changing into a different directory using chroot, the target directory must be mounted using the mount command. Mounting the directory is possible even after navigating to it, but it’s recommended to do so before using the chroot command. The modified directory is called the chroot jail or jailed directory.

The basic syntax of using the chroot command is:

$ chroot [option] [path-to-new] [command]

Key Uses of the chroot Linux Command:

There are 3 uses for the command:

  • To recover a forgotten Linux password
  • To reinstall the boot loader
  • To create a test environment

chroot Command Options

1. --help: used when opening up the help page

2. --groups=G_LIST: used when specifying supplementary groups.

3. --userspec=USER:GROUP: used when specifying the user and group (name or ID).

4. --version: used when getting the chroot version

Example Usage

To use the chroot command, begin by creating the directory that will become the new root.

$ mkdir $HOME/test-jail

Here, test-jail is our new directory.

Next, create other directories, bin and lib64, inside the test-jail directory. For this, use the command below:

$ mkdir -p $HOME/test-jail/{bin,lib64}

With the directories created, you can now navigate the directory without using chroot.

$ cd $HOME/test-jail

For our example, we will add the ls and bash commands into the created chroot jail using the command below:

$ cp -v /bin/{bash,ls} $HOME/test-jail/bin

Once you copy the files, you must add the dependencies for the binaries. To find them, run ldd on each binary; it lists the shared libraries the binary needs, as shown below.

$ ldd /bin/bash

The output lists the shared libraries for bash. Proceed to do the same for ls using the same syntax.

$ ldd /bin/ls

For each binary added, you must copy its libraries. For instance, the ldd output for ls lists the libraries that you should add before you can use the command in the chroot jail.

You can copy the libraries one by one or create a bash script to copy all the files simultaneously.

For instance, to copy the /bin/bash libraries, you can use the script below and run it in the current directory in the chroot directory.

The syntax below will copy the libraries one by one.

$ cp -v [library-to-copy] $HOME/test-jail/lib64

Make sure to copy the libraries for both ls and bash.
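
One way to script the library copy for both binaries, as an added example that is not part of the original article. It parses the ldd output and copies each library to the same path inside the jail instead of flattening everything into lib64; the function names and the fill-jail.sh file name are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original article): fill a chroot jail with
# binaries plus the shared libraries that ldd resolves for them.
# Usage: sh fill-jail.sh JAIL BINARY...
#   e.g. sh fill-jail.sh "$HOME/test-jail" /bin/bash /bin/ls

# Read ldd output on stdin and print each absolute library path once.
# Covers "libc.so.6 => /path/libc.so.6 (0x...)" and the loader line
# "/lib64/ld-linux-x86-64.so.2 (0x...)"; linux-vdso has no file and is skipped.
parse_ldd() {
    awk '$2 == "=>" && $3 ~ /^\// { print $3; next }
         $1 ~ /^\//               { print $1 }' | LC_ALL=C sort -u
}

# Read ldd output on stdin and print the names ldd reported as "not found".
missing_libs() {
    awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }'
}

# copy_into_jail JAIL /abs/path: copy a file to the same path under JAIL,
# following symlinks so the jail gets the real file contents.
copy_into_jail() {
    mkdir -p "$1$(dirname "$2")" && cp -L "$2" "$1$2"
}

# add_binary JAIL /abs/path/to/binary: copy the binary and its libraries.
# Refuses to continue when ldd cannot resolve a dependency.
add_binary() {
    deps=$(ldd "$2" 2>/dev/null) || deps=""   # static binary: nothing to copy
    if [ -n "$(printf '%s\n' "$deps" | missing_libs)" ]; then
        echo "unresolved libraries for $2" >&2
        return 1
    fi
    copy_into_jail "$1" "$2" || return 1
    printf '%s\n' "$deps" | parse_ldd | while read -r lib; do
        copy_into_jail "$1" "$lib" || exit 1
    done
}

# Only act when called with a jail directory and at least one binary.
if [ "$#" -ge 2 ]; then
    jail=$1; shift
    for bin in "$@"; do
        add_binary "$jail" "$bin" || exit 1
    done
fi
```

ldd may execute code from the binary it inspects, so run this only on binaries you trust, such as the system's own /bin/bash and /bin/ls.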

Once all the libraries are copied, it’s time to use the chroot command to navigate our created chroot jail directory.

Here, you can use either ls or bash. Let’s use bash with chroot, as shown below.

$ sudo chroot $HOME/test-jail /bin/bash

That will move you into the chroot directory, from which you can’t access other directories or files outside it.

If you wish to leave the chroot jail, type exit on the command line. You will then return to the normal root directory of your system.

Conclusion

This guide covered the chroot command and how you can use the different options it offers to create a chroot jail and navigate into it. The bottom line is that the chroot command is a simple but effective Linux command. We’ve seen how you can use it to create virtual environments and build a chroot jail that works independently of the main system.

About the author

Denis Kariuki

Denis is a Computer Scientist with a passion for Networking and Cyber Security. I love the terminal, and using Linux is a hobby. I am passionate about sharing tips and ideas about Linux and computing.