chroot:
chroot is a powerful tool that creates a contained environment. It is used for:
Isolated space: it sets up a directory that appears to be the root directory (/) to any process running within it.
Limited access: programs or shells (like Bash) running in a "chroot jail" cannot open paths outside this directory tree. The idea is similar to using a VLAN to separate network traffic, but chroot changes only a process's view of the file system: it does not restrict network access, system calls or other processes, and a process running as root inside the jail can escape it.
Security benefits: the path restriction makes chroot useful as one layer of defence, for example when running untrusted code or isolating a service, provided the process drops root privileges once inside the jail.
Why use chroot?
The chroot tool serves several purposes:
Security: run untrusted code in a contained environment to limit the damage it can do to the host file system.
Isolation: isolate services or processes so that they do not interfere with other parts of your system.
Lightweight virtualization: simulate a separate system without the overhead of a full virtual machine.
Faster setup: quicker to deploy than a virtual machine because it shares the host kernel (which also means it provides no kernel isolation).
Customization: install only the components needed for a specific task inside the chroot.
Creating a chroot Environment
We need a directory to act as the root directory of the chroot environment, so we set up a variable that stores the path to the "testroot" directory.
chr=/home/user/testroot
The -p (parents) option ensures that any missing parent directories are created at the same time.
mkdir -p $chr
Create bin, lib and lib64 inside the $chr directory:
mkdir -p $chr/{bin,lib,lib64}
Now change directory into our new root directory.
cd $chr
Now copy the binaries we need in our minimalist Linux environment from the regular /bin directory into our chroot /bin directory.
cp -v /bin/{bash,touch,ls,rm} $chr/bin
The -v option makes cp print each file as it is copied.
These programs are dynamically linked, so they will not start without their shared libraries. Find the dependencies of each program (like bash) using ldd
and copy them into the chroot so the program works properly.
ldd /bin/bash
Use ldd to find the dependencies of a program (e.g. /bin/bash), filter the output with egrep to keep only the library files (.so) whose names end in a number, and store the list of library files in a variable (list):
list="$(ldd /bin/bash | egrep -o '/lib.*\.[0-9]')"
Check the contents. The list should include the dynamic loader (for example /lib64/ld-linux-x86-64.so.2) as well as libraries such as libc.so.6. Note that the pattern above starts matching at the first "/lib" it sees: if your ldd output lists libraries under /usr/lib, it will cut the path down to a non-existent /lib/... entry, so widen it to '/(usr/)?lib.*\.[0-9]' on such systems.
echo $list
Loop through each item (i) in the list ($list) and use cp with the -v (verbose) and --parents options to copy the file ($i) into the chroot root directory ($chr). --parents recreates the file's directory path inside the chroot, creating any missing directories.
for i in $list; do cp -v --parents "$i" "${chr}"; done
Reuse the same loop (cp with -v and --parents) to copy the dependencies of the other programs; only the program name in the ldd command changes.
list="$(ldd /bin/touch | egrep -o '/lib.*\.[0-9]')"
We can now repeat the exact same loop command as before:
for i in $list; do cp -v --parents "$i" "${chr}"; done
Now, let's edit the list command line for ls:
list="$(ldd /bin/ls | egrep -o '/lib.*\.[0-9]')"
Again, we use the same loop command. It doesn't care what files are in the list; it simply works through the list and copies the files for us.
for i in $list; do cp -v --parents "$i" "${chr}"; done
Finally, we edit the list command line so that it works for rm (note the program name passed to ldd; copying ls's dependencies a second time would leave rm without its own):
list="$(ldd /bin/rm | egrep -o '/lib.*\.[0-9]')"
We use the looping copy command one last time:
for i in $list; do cp -v --parents "$i" "${chr}"; done
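The four copy-the-dependencies rounds above are the same operation with a different program name, so here is the whole build collected into one reusable script. This is an added example, not code from the original post: the functions install_into_chroot and build_chroot are my own names, the ldd output used for the self-check is constructed, and the script assumes GNU coreutils (cp --parents, chroot --userspec) and glibc's ldd. The library filter also accepts paths under /usr/lib, which the original pattern does not, and the entry function drops root on the way in, because a root shell inside a chroot is not contained.

```shell
#!/bin/sh
# Added example: build a minimal chroot with a function that copies any
# program plus the shared libraries ldd reports for it, including the
# dynamic loader (e.g. /lib64/ld-linux-x86-64.so.2), without which the
# copied bash cannot start. Assumes GNU coreutils and glibc ldd.
set -eu

# Print one absolute library path per line from ldd output read on stdin.
# Handles both "libc.so.6 => /lib/.../libc.so.6 (0x...)" and the bare
# loader line "/lib64/ld-linux-x86-64.so.2 (0x...)". linux-vdso has no
# file on disk and contains no "/", so it is skipped. Works for /lib and
# /usr/lib alike because the match starts at the first "/" on the line.
ldd_paths() {
    grep -o '/[^ ]*\.so[.0-9]*' | LC_ALL=C sort -u
}

# Copy a program and everything it links against into the chroot.
# $1 = chroot directory, $2 = absolute path of the program on the host
install_into_chroot() {
    root=$1
    prog=$2
    cp -v --parents "$prog" "$root"
    # A statically linked binary makes ldd print "not a dynamic executable"
    # on stderr and exit non-zero; then there is simply nothing to copy.
    for lib in $(ldd "$prog" 2>/dev/null | ldd_paths); do
        cp -v --parents "$lib" "$root"
    done
}

# Create the chroot root and install every program named after it.
build_chroot() {
    dir=$1
    shift
    mkdir -p "$dir"
    for p in "$@"; do
        install_into_chroot "$dir" "$p"
    done
}

# Enter the chroot as an unprivileged user. chroot needs root to be
# called, but the shell inside should not keep it. Numeric IDs are used
# because the chroot has no /etc/passwd; 65534:65534 is "nobody" on many
# distributions (assumption: adjust to your host).
enter_chroot() {
    dir=$1
    shift
    sudo chroot --userspec=65534:65534 "$dir" "$@"
}

# Constructed ldd output (not captured from a real host) used to check
# the filter; returns the parsed paths.
SAMPLE_LDD='	linux-vdso.so.1 (0x00007ffd2a1f0000)
	libtinfo.so.6 => /lib/x86_64-linux-gnu/libtinfo.so.6 (0x00007f1c0a000000)
	libc.so.6 => /usr/lib/x86_64-linux-gnu/libc.so.6 (0x00007f1c09e00000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f1c0a200000)'
parse_sample() {
    printf '%s\n' "$SAMPLE_LDD" | ldd_paths
}

# Usage: sh build-chroot.sh /home/user/testroot
if [ $# -ge 1 ]; then
    build_chroot "$1" /bin/bash /bin/touch /bin/ls /bin/rm
    enter_chroot "$1" /bin/bash
fi
```

Running the script with a target directory reproduces the manual steps (mkdir, cp of the four binaries, cp --parents of each library) and then opens bash inside the jail as uid 65534 instead of root. Adding another program is one more argument to build_chroot rather than another copy of the ldd/loop pair.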
Now, let's use the chroot environment. Calling chroot requires root privileges (hence sudo), and the bash started this way also runs as root inside the jail; for anything beyond a test, drop to an unprivileged user after entering (GNU chroot's --userspec option does this).
sudo chroot $chr /bin/bash
We can try different commands in the chroot environment:
ls
We can use touch to create a file, ls to list it, and rm to remove it.
touch sample.txt
ls
rm sample.txt
ls
We can also use built-in commands that bash shell provides.
help
Use exit to leave the chroot environment.
In case you want to remove the chroot environment:
rm -r $chr
This recursively removes all the files and directories in the chroot environment.
If you have reached this point, thank you for reading. I hope this was useful for you.