Chroot
The command chroot, like many unix commands, is extremely simple in its operation, but extremely versatile in its application. It is most notable in its use for creating chroot jails.
All chroot does is replace, for the calling process and all of its child processes, the root directory of a unix system with a directory of the operator's choosing.
Since on a unix system, almost everything is either a file or a directory, this very simple operation can have profound effects.
Trivial chroot
For a trivial chroot (one into an otherwise empty directory), nothing in the new environment will work, since programs no longer have access to any hardware, operating system libraries or services.
Sandbox (chroot jail)
You can create a sandbox using chroot.
An operator can carefully and selectively allow access to a small number of operating system features. (S)he does this by simply copying them into the chrooted directory. They're all just files and directories after all.
These files and directories are chosen specifically as those the operator thinks (s)he can keep under careful scrutiny and control. This is called a chroot jail. It is used to halt crackers ("you can break in, but you can't break out"), or to test new and as yet unreliable programs which might otherwise trash the system.
See chroot jail for more details.
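The "copy them into the chrooted directory" step above, as an added example (not from the original page or any particular project): a POSIX shell function that populates a jail with a program and the shared libraries `ldd` reports for it, and a check that the program is present. It assumes a Linux host with `ldd`, `cp` and `mkdir`; the jail path used in the comment is a placeholder.

```shell
#!/bin/sh
# Added example: build a minimal chroot jail by copying selected programs
# and their libraries into JAIL_DIR. Everything else from the host
# (/etc, /proc, /dev, network tools) stays invisible unless copied in.

# make_jail JAIL_DIR PROGRAM...  -- copy each program plus its libraries
make_jail() {
    jail="$1"; shift
    mkdir -p "$jail"
    for prog in "$@"; do
        # Resolve "ls" -> /bin/ls and copy the binary under the same path.
        src=$(command -v "$prog") || { echo "not found: $prog" >&2; return 1; }
        mkdir -p "$jail$(dirname "$src")"
        cp "$src" "$jail$src"
        # ldd lists the dynamic libraries and the loader the binary needs;
        # a statically linked binary yields nothing, which is fine.
        ldd "$src" 2>/dev/null | grep -o '/[^ ]*' | while read -r lib; do
            [ -f "$lib" ] || continue
            mkdir -p "$jail$(dirname "$lib")"
            cp "$lib" "$jail$lib"
        done
    done
}

# jail_has JAIL_DIR PROGRAM  -- true if the program's binary is in the jail
jail_has() {
    [ -x "$1$(command -v "$2")" ]
}

# Usage (placeholder path; entering the jail requires root):
#   make_jail /srv/jail sh ls
#   chroot /srv/jail /bin/sh
# A service started this way should then drop to an unprivileged user:
# the chroot limits what is visible, but a root process inside it is not
# otherwise confined, so chroot alone is not a complete security boundary.
```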
Entirely different distribution
You can even install and run an entirely different version or distribution of your operating system inside the chrooted environment, by simply copying its files to the relevant directory and chrooting into it. This is done, for example, to install a Linux From Scratch system, or to install from a LiveCD. Note that you can't really run an entirely different operating system in this way, because the kernel is still shared between the two systems.