Linux 101 : Securing your environment - CHROOT -



Chroot is a way to dictate what a process or a user can access on a filesystem.

We achieve that by changing the root directory of the running process.
The new root directory of the process is called "jail".
The running - current - process and its children - the sub-programs it starts - will be unable to go beyond their "jail root" into other parts of the filesystem.

In our "jail root" example, the "/home/debian" directory will be the highest level in its "jailed filesystem".


When we change the root directory from "/" to the "/home/debian" directory, the root directory - the highest level in the "jail root" filesystem - becomes the "/home/debian" directory.

The entire filesystem becomes the "/home/debian" directory and its subdirectories.

So processes that run in that environment are restricted to that isolated filesystem, its files and directories.

To change the "root" directory for the current process, we use the "chroot" command as below:


The "/bin/bash" represents the program that starts after we run the "chroot" command.

Before running our command, we create all the directories and copy all the files and programs we need in our new filesystem:


After running the "chroot" command, we will find all the files, programs and necessary libraries that we copied from the "original" root filesystem before we "chroot".

Since the "bash" program starts after we "chroot", all the built-in bash commands are going to be available to us.

To exit the "chroot" environment, we simply use the "exit" command.
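The preparation and "chroot" steps described above, as an added example that is not code from the original post: it copies each program and the shared libraries it needs into the jail, checks that nothing is missing, then starts the program with "chroot". The helper names are hypothetical, and the script assumes "ldd" is available on the host.

```shell
#!/bin/sh
# Added example: build a minimal chroot jail and enter it.
# Assumptions (not from the original page): the helper names, and that
# ldd is available on the host. Only run ldd on binaries you trust.

# Print the absolute path of every shared object a program needs,
# including the dynamic loader. Static binaries print nothing.
jail_deps() {
    ldd "$1" 2>/dev/null |
        awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) print $i }'
}

# Copy one file into the jail at the same path it has on the host.
jail_copy() {    # usage: jail_copy JAIL FILE
    mkdir -p "$1$(dirname "$2")" && cp -L "$2" "$1$2"
}

# Populate JAIL with each program and the libraries it depends on.
build_jail() {   # usage: build_jail JAIL PROGRAM...
    jail=$1; shift
    mkdir -p "$jail"
    for prog in "$@"; do
        jail_copy "$jail" "$prog" || return 1
        for lib in $(jail_deps "$prog"); do
            jail_copy "$jail" "$lib" || return 1
        done
    done
}

# List what PROGRAM needs that is absent from JAIL. Empty output means
# the program and all of its libraries are present inside the jail.
jail_missing() { # usage: jail_missing JAIL PROGRAM
    for f in "$2" $(jail_deps "$2"); do
        [ -e "$1$f" ] || echo "$f"
    done
}

# Run as root, e.g.:  sh jail.sh /home/debian /bin/bash /bin/ls
if [ "$#" -ge 2 ]; then
    jail=$1
    build_jail "$@" || exit 1
    exec chroot "$jail" "$2"   # $2 is the program started inside the jail
fi
```

The "chroot" command itself needs root, and a process that stays root inside the jail is not reliably confined by it, so start the jailed program as an unprivileged user, for example with GNU chroot's `--userspec=USER:GROUP` option.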
