Chroot environments

From Linux 101, The beginner's guide to all things Linux.


Chroot environments are a way of providing an additional layer of confinement for programs. chroot works by changing the root directory (/) seen by a process, and by any children it starts, to some subdirectory of the real root. For example,

# chroot /var/apacheroot

starts a shell with /var/apacheroot as its / directory (the chroot command runs the named program, or a shell if none is given, under the new root; it does not alter the shell you typed the command into). This improves security by limiting a program to a single part of the filesystem: pathnames are resolved inside the new root, and ".." of that root resolves to itself, so a file outside it such as the real /etc/shadow simply has no name the program can open, even if the program is compromised. The flip side is that the jail must contain everything the program needs: its binary, the shared libraries it links against, its configuration files, and any device nodes such as /dev/null, because nothing outside the jail is visible.

chroot is also available as a system call, chroot(2), so a program that starts with sufficient privileges (root, or the CAP_SYS_CHROOT capability on Linux) can change its own root during execution, typically after it has opened the files and listening sockets it needs from outside the jail and before it drops privileges. The call only changes how pathnames are resolved; it does not change the current working directory. A program must therefore call chdir("/") after chroot(), otherwise its working directory is still outside the jail and relative paths lead straight back out.

It is important to note that chroot is not a complete security mechanism. A process that keeps root privileges inside a chroot can escape it, for example by creating device nodes for the raw disk or by calling chroot() a second time on a subdirectory while holding a reference to the old root; chroot was never designed to confine root. It is therefore important to run programs isolated this way as unprivileged users, dropping root immediately after entering the jail, and to make sure the jail directory itself is owned by root and not writable by the confined user.
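The following program, added here as an example and not part of the original article or of any particular daemon's code, shows the sequence the two preceding paragraphs describe: check the jail directory, chroot(2), chdir("/"), then drop supplementary groups, gid and uid in that order and verify root cannot be regained. The function names, the argument layout and the check that the jail root is a root-owned, non-writable directory are this example's own choices, not a standard API.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Return 1 if `dir` is a sane jail root: an existing directory owned by
 * root that only root can write to. If the confined user can write to the
 * jail root it can plant its own /etc, libraries or binaries inside the
 * jail. Returns 0 otherwise. (Policy chosen for this example.) */
int jail_dir_is_safe(const char *dir)
{
    struct stat st;
    if (stat(dir, &st) != 0)
        return 0;
    if (!S_ISDIR(st.st_mode))
        return 0;
    if (st.st_uid != 0)
        return 0;
    if (st.st_mode & (S_IWGRP | S_IWOTH))
        return 0;
    return 1;
}

/* Confine the calling process to `dir` and become uid/gid.
 * Returns 0 on success or -errno on failure; after a failure the process
 * is in a half-changed state and should exit rather than carry on. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    struct stat st;

    /* Validate the path first so a typo fails before any irreversible step. */
    if (stat(dir, &st) != 0)
        return -errno;
    if (!S_ISDIR(st.st_mode))
        return -ENOTDIR;

    /* chroot(2) changes pathname resolution only; the current working
     * directory stays where it was. Without chdir("/") the process is
     * still "outside" and can walk back out with relative paths. */
    if (chroot(dir) != 0)
        return -errno;
    if (chdir("/") != 0)
        return -errno;

    /* Drop privileges: supplementary groups, then gid, then uid. Doing
     * setuid() first would leave us without the right to change groups. */
    if (setgroups(0, NULL) != 0)
        return -errno;
    if (setgid(gid) != 0)
        return -errno;
    if (setuid(uid) != 0)
        return -errno;

    /* Regaining root must now fail; if it succeeds, the drop was incomplete. */
    if (uid != 0 && setuid(0) == 0)
        return -EPERM;

    return 0;
}

/* Usage (must be started as root):
 *   ./jail <jail-dir> <uid> <gid> <program-inside-jail> [args...]
 * The program path is resolved inside the jail, so it must exist there. */
int main(int argc, char **argv)
{
    if (argc < 5) {
        fprintf(stderr, "usage: %s dir uid gid program [args...]\n", argv[0]);
        return 2;
    }
    if (!jail_dir_is_safe(argv[1])) {
        fprintf(stderr, "%s: jail root must be a root-owned directory not writable by group/others\n", argv[1]);
        return 1;
    }
    int rc = enter_jail(argv[1], (uid_t)strtoul(argv[2], NULL, 10),
                        (gid_t)strtoul(argv[3], NULL, 10));
    if (rc != 0) {
        fprintf(stderr, "enter_jail: %s\n", strerror(-rc));
        return 1;
    }
    execv(argv[4], &argv[4]);
    perror("execv");
    return 1;
}
```

Everything the jailed program needs (the binary, its shared libraries, configuration and device nodes) has to be copied into the jail directory beforehand, since execv resolves argv[4] under the new root. Run as a normal user the program fails at chroot() with EPERM, which is the intended behaviour: only a privileged process can enter a jail, and it should give that privilege up immediately afterwards.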

Because of this confining effect, chroot environments are also often called chroot jails.

Chroot environments have other, non-security uses as well, including system installation and recovery. Gentoo users are familiar with the

# chroot /mnt/gentoo

mantra during installation. It can also be used to gain normal access to the root filesystem on your disk after booting from a Linux CD-ROM or other rescue medium, so that the installed system is seen as "/" rather than as "/mnt/harddiskroot" and its own tools, configuration and package manager work as if it had been booted (the usual practice is to mount /proc, /sys and /dev into the target directory first).
