Chroot
{{Short description|Shell command and system call that changes the apparent root directory}}
{{lowercase|title=chroot}}
{{Infobox software
| name = chroot
| logo =
| screenshot = Chroot-command-example.png
| screenshot size =
| caption = Example usage of <code>chroot</code> in [[Raspberry Pi OS]] running an interactive shell within a special root directory
| author = [[Bill Joy]], [[Bell Labs|AT&T Bell Laboratories]]
| developer = Various [[open-source software|open-source]] and [[commercial software|commercial]] developers
| released = {{Start date and age|1979}}
| latest release version =
| latest release date =
| operating system = [[Unix]], [[Unix-like]], [[Plan 9 from Bell Labs|Plan 9]], [[Inferno (operating system)|Inferno]]
| platform = [[Cross-platform]]
| genre = [[Command (computing)|Command]]
| license =
| website =
}}
'''<code>chroot</code>''' is a [[shell (computer)|shell]] [[command (computing)|command]] and a [[system call]] on [[Unix]] and [[Unix-like]] [[operating system]]s that changes the apparent [[root directory]] for the current running process and its [[Child process|children]]. A program that is run in such a modified environment cannot name (and therefore normally cannot access) files outside the designated directory tree. The term ''chroot'' may refer to the {{mono|chroot(2)}} [[system call]] or the {{mono|chroot(8)}} [[command-line interface|command-line]] utility. The modified environment is called a '''chroot jail'''.

[[File:Chroot-from-gentoo-to-ubuntu.webm|thumb|Chroot: from Gentoo to Ubuntu]]

==History==
The chroot system call was introduced during development of [[Version 7 Unix]] in 1979. One source suggests that [[Bill Joy]] added it on 18 March 1982 – 17 months before [[Berkeley Software Distribution|4.2BSD]] was released – in order to test its installation and build system.<ref>{{Cite web|url=https://docs.freebsd.org/44doc/papers/jail/jail-9.html|title=jail, section 9.|website=docs.freebsd.org|access-date=2016-03-14|archive-date=2017-01-05|archive-url=https://web.archive.org/web/20170105092247/https://docs.freebsd.org/44doc/papers/jail/jail-9.html|url-status=live}}</ref> All versions of BSD that had a kernel have chroot(2).<ref>{{Cite web|url=https://bsdimp.blogspot.com/2020/06/whither-chroot.html|title=Warner's Random Hacking Blog: Whither chroot?|first=Warner|last=Losh|date=February 2, 2000|access-date=June 28, 2020|archive-date=June 28, 2020|archive-url=https://web.archive.org/web/20200628214616/http://bsdimp.blogspot.com/2020/06/whither-chroot.html|url-status=live}}</ref><ref>{{Cite web|url=https://blog.dionresearch.com/2020/05/data-infrastructures-for-rest-of-us-iii.html|title=Data Infrastructures for the rest of us - III - software|date=17 May 2020 |access-date=2020-06-28|archive-date=2020-06-30|archive-url=https://web.archive.org/web/20200630201639/https://blog.dionresearch.com/2020/05/data-infrastructures-for-rest-of-us-iii.html|url-status=live}}</ref> An early use of the term "jail" as applied to chroot comes from [[William Cheswick|Bill Cheswick]] creating a [[Honeypot (computing)|honeypot]] to monitor a [[Hacker (computer security)|hacker]] in 1991.<ref>{{cite conference |url=https://www.cheswick.com/ches/papers/berferd.pdf |title=An Evening with Berferd: In Which a Cracker is Lured, Endured, and Studied |last1=Cheswick |first1=Bill |author-link1=William Cheswick |date=1991 |conference=[[USENIX]] |publisher=The Association |book-title=USENIX Summer Conference Proceedings, Volume 1 |pages=163 |location=San Francisco, California |access-date=2018-06-09 |archive-date=2018-11-05 |archive-url=https://web.archive.org/web/20181105012101/http://www.cheswick.com/ches/papers/berferd.pdf |url-status=live }}</ref> The first article about a chroot jailbreak appeared in Carole Fennelly's security column in SunWorld Online; the January 1999 and August 1999 editions cover most of the chroot() topics.<ref>{{cite web|last1=Carole|first1=Fennelly|title=Summertime potluck|url=http://sunsite.uakom.sk/sunworldonline/swol-08-1999/swol-08-security.html|website=SunWorld Online|publisher=Carole Fennelly|archive-url=https://web.archive.org/web/20210928155456/http://sunsite.uakom.sk/sunworldonline/swol-08-1999/swol-08-security.html|archive-date=September 28, 2021|url-status=live}}</ref>

To make it useful for [[Operating system–level virtualization|virtualization]], [[FreeBSD]] expanded the concept and in its 4.0 release in 2000 introduced the [[FreeBSD jail|jail]] command.<ref>{{cite web |url=http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/jails.html |title=FreeBSD Handbook "Jails" Chapter |last1=Riondato |first1=Matteo |website=freebsd.org |publisher=The FreeBSD Project |access-date=2018-10-30 |archive-date=2014-08-15 |archive-url=https://web.archive.org/web/20140815023159/http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/jails.html |url-status=live }}</ref> By 2002, an article written by Nicolas Boiteux described how to create a jail on Linux.<ref>{{cite web|last1=Nicolas|first1=Boiteux|title=chroot shell|url=http://membres.lycos.fr:80/code34/howtochroot1a/|website=lycos.fr|publisher=Nicolas Boiteux|archive-url=https://web.archive.org/web/20021014060228/http://membres.lycos.fr/code34/howtochroot1a/|access-date=24 March 2018|archive-date=2002-10-14|url-status=dead}}</ref> By 2003, the first Internet microservice providers using Linux jails were offering SaaS/PaaS services (shell containers, proxies, ircd, bots, ...) billed by usage inside the jail.<ref>{{cite web|title=Girafon|url=http://girafon.org:80/index.php?page=Girafon-hebergement-eggdrop-bot-ircd-24-pids-shell-linux-pour-un-paiement-allopass|website=girafon.org|publisher=girafon|archive-url=https://web.archive.org/web/20040612194051/http://girafon.org/index.php?page=Girafon-hebergement-eggdrop-bot-ircd-24-pids-shell-linux-pour-un-paiement-allopass|access-date=24 March 2018|archive-date=2004-06-12|url-status=dead}}</ref> By 2005, [[Sun Microsystems|Sun]] released [[Solaris Containers]] (also known as Solaris Zones), described as "chroot on steroids."<ref>{{cite book |last=Schmidt |first=Klaus |date=2006-09-02 |title=High Availability and Disaster Recovery: Concepts, Design, Implementation |url=https://books.google.com/books?id=adU_AAAAQBAJ&q=Solaris+Containers+chroot&pg=PA186 |publisher=Springer Science & Business Media |page=186 |isbn=9783540345824 |access-date=2014-08-21 |archive-date=2023-02-20 |archive-url=https://web.archive.org/web/20230220021312/https://books.google.com/books?id=adU_AAAAQBAJ&q=Solaris+Containers+chroot&pg=PA186 |url-status=live }}</ref> By 2008, [[LXC]] (upon which [[Docker (software)|Docker]] was later built) adopted the "container" terminology<ref>{{cite web |url=http://sourceforge.net/projects/lxc/files/lxc/ |title=SourceForge LXC Download Files |author=<!--Staff writer(s); no by-line.--> |website=sourceforge.net |access-date=2014-08-21 |archive-date=2014-08-19 |archive-url=https://web.archive.org/web/20140819223537/http://sourceforge.net/projects/lxc/files/lxc/ |url-status=live }}</ref> and gained popularity in 2013 due to the inclusion of [[Linux namespaces|user namespaces]] in [[Linux kernel]] 3.8.<ref>{{cite web |url=http://www.haifux.org/lectures/320/netLec8_final.pdf |title=Linux Containers and the Future Cloud |last1=Rosen |first1=Rami |date=2014-03-26 |access-date=2014-08-21 |archive-date=2016-04-18 |archive-url=https://web.archive.org/web/20160418204630/http://www.haifux.org/lectures/320/netLec8_final.pdf |url-status=live }}</ref>

==Uses==
A chroot environment can be used to create and host a separate [[Operating-system-level virtualization|virtualized]] copy of the software system. This can be useful for:

; Testing and development : A test environment can be set up in the chroot for software that would otherwise be too risky to deploy on a production system.
; Dependency control : Software can be developed, built and tested in a chroot populated only with its expected dependencies. This can prevent some kinds of linkage skew that can result from developers building projects with different sets of program libraries installed.
; Compatibility : Legacy software or software using a different [[application binary interface|ABI]] must sometimes be run in a chroot because its supporting libraries or data files may otherwise clash in name or linkage with those of the host system.
; Recovery : Should a system be rendered unbootable, a chroot can be used to move back into the damaged environment after bootstrapping from an alternate root file system (such as from installation media, or a [[Live CD]]).
; Privilege separation : Programs are allowed to carry open [[file descriptor]]s (for files, [[pipeline (Unix)|pipelines]] and network connections) into the chroot, which can simplify jail design by making it unnecessary to leave working files inside the chroot directory. This also simplifies the common arrangement of running the potentially vulnerable parts of a privileged program in a sandbox, in order to pre-emptively contain a security breach. Note that chroot is not necessarily enough to contain a process with root privileges.

==Limitations==
The chroot mechanism is not intended to defend against intentional tampering by privileged (root) users. A notable exception is [[NetBSD]], on which chroot is considered a security mechanism and no escapes are known. On most systems, chroot contexts do not stack properly and chrooted programs with sufficient privileges may perform a [https://web.archive.org/web/20160127150916/http://www.bpfh.net/simes/computing/chroot-break.html second chroot] to break out. To mitigate the risk of this security weakness, chrooted programs should relinquish root privileges as soon as practical after chrooting, or other mechanisms – such as [[FreeBSD jail]]s – should be used instead. Note that some systems, such as [[FreeBSD]], take precautions to prevent a second chroot attack.<ref>{{Cite web|url=https://www.freebsd.org/cgi/man.cgi?query=chroot&sektion=2&n=1|title=chroot(2)|website=www.freebsd.org|access-date=2020-12-02|archive-date=2020-09-18|archive-url=https://web.archive.org/web/20200918091526/https://www.freebsd.org/cgi/man.cgi?query=chroot&sektion=2&n=1|url-status=live}}</ref>

On systems that support device nodes on ordinary filesystems, a chrooted [[superuser|root user]] can still create device nodes and mount file systems on them; thus, the chroot mechanism is not intended by itself to be used to block low-level access to system devices by privileged users. It is not intended to restrict the use of resources like [[Input/output|I/O]], bandwidth, disk space or CPU time. Most Unixes are not completely file system-oriented and leave potentially disruptive functionality like networking and process control available through the system call interface to a chrooted program.

At startup, programs expect to find [[scratch space]], configuration files, [[device node]]s and [[shared library|shared libraries]] at certain preset locations. For a chrooted program to successfully start, the chroot directory must be populated with a minimum set of these files. This can make chroot difficult to use as a general sandboxing mechanism. Tools such as [https://olivier.sessink.nl/jailkit/ Jailkit] can help to ease and automate this process.

Only the [[superuser|root user]] can perform a chroot. This is intended to prevent users from putting a [[setuid]] program inside a specially crafted chroot jail (for example, with a fake {{mono|[[/etc/passwd]]}} and {{mono|[[/etc/shadow]]}} file) that would fool it into a [[privilege escalation]].

Some Unixes offer extensions of the chroot mechanism to address at least some of these limitations (see [[Operating system-level virtualization#Implementations|Implementations of operating system-level virtualization technology]]).

==Graphical applications on chroot==
It is possible to run graphical applications in a chrooted environment, using methods such as:<ref>{{cite web |url=http://wiki.mandriva.com/en/Development/Howto/Chroot#Launch_X_Applications_inside_the_chroot |title=Development/Howto/Chroot |website=Mandriva Wiki |date=25 July 2011 |url-status=dead |archive-url=https://web.archive.org/web/20140326175547/http://wiki.mandriva.com/en/Development/Howto/Chroot |archive-date=2014-03-26}}</ref><ref>{{cite web |url=http://www.gentoo-wiki.info/HOWTO_startx_in_a_chroot |title=HOWTO startx in a chroot|website=Gentoo Wiki|access-date=2011-10-13 |url-status=dead |archive-url=https://web.archive.org/web/20110831200622/http://www.gentoo-wiki.info/HOWTO_startx_in_a_chroot |archive-date=2011-08-31 }}</ref>

* Using [[xhost]] (or copying the secret from .Xauthority)
* Nested X servers like [[Xnest]] or the more modern [[Xephyr]] (or starting a real X server from inside the jail)
* Accessing the chroot via [[Secure Shell|SSH]] using the X11 forwarding (ssh -X) feature
* [http://www.elstel.org/xchroot/ xchroot], an extended version of chroot for users and Xorg/X11 forwarding (socat/mount)
* An X11 [[VNC]] server inside the chroot, with a [[VNC]] client connecting from outside the environment
* Atoms, a Linux chroot management tool with a user-friendly GUI<ref>{{Cite web |last=David |first=Redfield |date=October 10, 2023 |title=Atoms is a Linux Chroot Management Tool with a User-Friendly GUI |url=https://linuxtldr.com/atoms-tool/ }}</ref>

==Notable applications==
The [[Postfix (software)|Postfix]] mail transfer agent may operate as a pipeline of individually chrooted helper programs.<ref>{{cite web |title=Postfix Basic Configuration |url=https://www.postfix.org/BASIC_CONFIGURATION_README.html#chroot_setup |access-date=2025-02-17 |website=Postfix Home Page}}</ref>

Like 4.2BSD before it, the Debian and Ubuntu internal package-building farms use chroots extensively to catch unintentional build dependencies between packages. [[SUSE Linux|SUSE]] uses a similar method with its ''build'' program. Fedora, Red Hat, and various other RPM-based distributions build all [[RPM Package Manager|RPMs]] using a chroot tool such as [http://fedoraproject.org/wiki/Projects/Mock mock].

Many [[FTP server]]s for POSIX systems use the chroot mechanism to sandbox untrusted FTP clients. This may be done by forking a process to handle an incoming connection, then chrooting the child (to avoid having to populate the chroot with libraries required for program startup).

If privilege separation is enabled, the [[OpenSSH]] daemon will chroot an unprivileged helper process into an empty directory to handle pre-authentication network traffic for each client.
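The privilege-separation arrangement described under ''Uses'' and the mitigation given under ''Limitations'' (open the descriptors you need, chroot, then give up root before touching untrusted input) as a self-contained C example. This is added illustration, not code from OpenSSH or from any other project named on this page. The jail path, the log file path and the uid/gid 65534 are placeholders, and the directory check (jail must be a directory owned by the expected user and writable by nobody else) is an assumed precondition in the spirit of the page's remark about specially crafted jails, not something the page prescribes.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* A jail directory is only safe to chroot into when it is a directory owned by
 * the expected owner and writable by nobody else; otherwise a less privileged
 * user could plant files (a fake /etc/passwd, a shared library) that a
 * privileged program would trust once inside.
 * Returns 1 if safe, 0 if not, -1 if the path cannot be inspected. */
int jail_dir_is_safe(const char *dir, uid_t expected_owner)
{
    struct stat st;
    if (lstat(dir, &st) != 0)
        return -1;
    if (!S_ISDIR(st.st_mode))
        return 0;
    if (st.st_uid != expected_owner)
        return 0;
    if (st.st_mode & (S_IWGRP | S_IWOTH))
        return 0;
    return 1;
}

/* Enter the jail and immediately drop to an unprivileged identity.
 * Must be called as root. Returns 0 on success, -1 (errno set) on failure.
 * Nothing below the jail check runs unless the directory passed it. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    if (jail_dir_is_safe(dir, 0) != 1) {
        errno = EACCES;
        return -1;
    }
    /* chroot() does not change the working directory; without chdir("/")
     * the process would still hold a directory reference outside the new root. */
    if (chroot(dir) != 0 || chdir("/") != 0)
        return -1;
    /* Supplementary groups first, then gid, then uid: once the uid is
     * unprivileged the group changes would no longer be permitted. */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify the drop is permanent: regaining root must now fail. */
    if (setuid(0) == 0 || setgid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

/* Unprivileged self-check of jail_dir_is_safe(): creates directories under
 * /tmp owned by the calling user with different modes (constructed test data).
 * Returns 1 when every case behaves as expected, 0 otherwise. */
int jail_dir_check_selftest(void)
{
    char base[64], good[96], groupw[96], worldw[96];
    int ok = 1;

    snprintf(base, sizeof base, "/tmp/jailcheck-%ld", (long)getpid());
    snprintf(good, sizeof good, "%s/good", base);
    snprintf(groupw, sizeof groupw, "%s/groupw", base);
    snprintf(worldw, sizeof worldw, "%s/worldw", base);
    if (mkdir(base, 0700) != 0)
        return 0;
    /* chmod() after mkdir() so the process umask cannot change the outcome */
    ok &= mkdir(good, 0755) == 0 && chmod(good, 0755) == 0;
    ok &= mkdir(groupw, 0775) == 0 && chmod(groupw, 0775) == 0;
    ok &= mkdir(worldw, 0777) == 0 && chmod(worldw, 0777) == 0;

    ok &= jail_dir_is_safe(good, getuid()) == 1;       /* owner-only writable */
    ok &= jail_dir_is_safe(groupw, getuid()) == 0;     /* group-writable */
    ok &= jail_dir_is_safe(worldw, getuid()) == 0;     /* world-writable */
    ok &= jail_dir_is_safe(good, getuid() + 1) == 0;   /* wrong owner */
    ok &= jail_dir_is_safe("/nonexistent/jail", 0) == -1;

    rmdir(good); rmdir(groupw); rmdir(worldw); rmdir(base);
    return ok;
}

/* Demonstration (needs root and a prepared jail): open a log file on the host,
 * enter the jail, drop privileges, and keep writing through the already open
 * descriptor even though the host's /var/log is no longer reachable by name. */
int main(int argc, char **argv)
{
    const char *jail = argc > 1 ? argv[1] : "/var/jail/example";   /* placeholder */
    int logfd = open("/var/log/jail-example.log",                     /* placeholder */
                     O_WRONLY | O_CREAT | O_APPEND, 0640);
    if (logfd < 0) { perror("open log"); return 1; }
    if (enter_jail(jail, 65534, 65534) != 0) { perror("enter_jail"); return 1; }
    FILE *log = fdopen(logfd, "a");
    /* "/etc/shadow" now means <jail>/etc/shadow; a hit means the jail was over-populated. */
    if (access("/etc/shadow", F_OK) == 0)
        fprintf(log, "warning: jail contains /etc/shadow\n");
    fprintf(log, "running as uid %ld inside %s\n", (long)getuid(), jail);
    fclose(log);
    return 0;
}
```

The order inside enter_jail() is the whole point: the descriptor is opened while still root and outside the jail, chroot() and chdir("/") come next, and the identity change is last and verified, so by the time the process handles untrusted data it can neither name host files nor perform the second chroot the ''Limitations'' section warns about.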
The daemon can also sandbox SFTP and shell sessions in a chroot (from version 4.9p1 onwards).<ref>{{cite web|title = sshd_config(5) manual page|url = https://man.openbsd.org/sshd_config.5|access-date = 2018-02-04|date = 2017-10-26|archive-date = 2018-02-05|archive-url = https://web.archive.org/web/20180205001013/https://man.openbsd.org/sshd_config.5|url-status = live}}</ref>

[[ChromeOS]] can use a chroot to run a Linux instance using [[Crouton (computing)|Crouton]],<ref>{{cite web|title=Chromium OS Universal Chroot Environment (on github)|website=[[GitHub]] |url=https://github.com/dnschneid/crouton|access-date=2016-12-17|archive-date=2016-11-25|archive-url=https://web.archive.org/web/20161125200701/https://github.com/dnschneid/crouton|url-status=live}}</ref> providing an otherwise thin OS with access to hardware resources. The security implications described in this article apply here.

==Linux host kernel virtual file systems and configuration files==
To have a functional chroot environment on Linux, the kernel virtual file systems and configuration files must also be mounted or copied from the host into the chroot.

<syntaxhighlight lang="sh">
# Mount the kernel virtual file systems the jail needs
TARGETDIR="/mnt/chroot"
mount -t proc proc "$TARGETDIR/proc"
mount -t sysfs sysfs "$TARGETDIR/sys"
mount -t devtmpfs devtmpfs "$TARGETDIR/dev"
mount -t tmpfs tmpfs "$TARGETDIR/dev/shm"
mount -t devpts devpts "$TARGETDIR/dev/pts"

# Copy /etc/hosts
/bin/cp -f /etc/hosts "$TARGETDIR/etc/"

# Copy /etc/resolv.conf
/bin/cp -f /etc/resolv.conf "$TARGETDIR/etc/resolv.conf"

# Link /etc/mtab to the kernel's mount table
chroot "$TARGETDIR" rm /etc/mtab 2> /dev/null
chroot "$TARGETDIR" ln -s /proc/mounts /etc/mtab
</syntaxhighlight>

==See also==
* [[List of Unix commands]]
* [[Operating system-level virtualization]]
* [[Sandbox (computer security)]]
* [[sudo]]

==References==
{{Reflist}}

==External links==
* {{man|2|chroot|FreeBSD|change root directory}}
* {{man|8|chroot|FreeBSD|change root directory}}
* {{man|2|chroot|Linux|change root directory}}
* [http://whiteboard.ping.se/Android/Debian Integrating GNU/Linux with Android using chroot]

{{Unix commands}}
{{Core Utilities commands}}

[[Category:Computer security procedures]]
[[Category:Free virtualization software]]
[[Category:Unix process- and task-management-related software]]
[[Category:Virtualization software]]
[[Category:Linux kernel features]]
[[Category:System calls]]