Learn How to Implement 'chroot' in Linux


chroot:

chroot is a powerful tool that creates a contained environment. It is used for:

Isolated space: It sets up a special file system that appears to be the root directory for any process running within it.

Limited Access: Programs or shells (like Bash) running in a "chroot jail" can't access files outside this isolated environment. This is similar to how a VLAN is used to separate network traffic.

Security Benefits: The access restriction makes chroot useful for security purposes, like running untrusted code or isolating services.

Why use chroot?

The 'chroot' tool is multipurpose in itself:

Security: You can run untrusted code in a contained environment to prevent damage to your main system.

Isolation: Isolate services or processes to ensure they don't interfere with each other or with other parts of your system.

Lightweight Virtualization: Simulate a separate system without the overhead of a full virtual machine.

Faster Setup: It is quicker to deploy than a virtual machine because the host kernel is shared.

Customization: Install only the necessary components within the chroot for specific tasks.

Creating a chroot Environment

We need a directory to act as the root directory of the chroot environment, so we set up a variable to store the path to the "testroot" directory.

chr=/home/user/testroot

The -p (parents) option is used here to ensure that any missing parent directories are created at the same time.

mkdir -p $chr

Create bin, lib, and lib64 within the $chr directory:

mkdir -p $chr/{bin,lib,lib64}

Now change directory into our new root directory:

cd $chr

Now, copy the binaries that we need in our minimalist Linux environment from the regular '/bin' directory into our chroot '/bin' directory.

cp -v /bin/{bash,touch,ls,rm} $chr/bin

Because of the -v (verbose) option, cp displays each file as it is copied.

Find the dependencies of the programs (like bash) using ldd and copy them into your chroot so the programs can run there.

ldd /bin/bash

Use ldd to find the dependencies of a program (e.g., /bin/bash) and filter its output with egrep to keep only the library paths (.so files ending in a version number). The list of library files is stored in a variable (list):

list="$(ldd /bin/bash | egrep -o '/lib.*\.[0-9]')"

Check its contents:

echo $list

Loop through each item (i) in the list ($list) and use cp with the -v (verbose) and --parents options to copy the file ($i) into the chroot root directory ($chr). --parents ensures that any missing directories are created in the chroot.

for i in $list; do cp -v --parents "$i" "${chr}"; done

Reuse the looping script (copy with -v and --parents) to copy the dependencies of the other programs; only the program name in the ldd command changes.

list="$(ldd /bin/touch | egrep -o '/lib.*\.[0-9]')"

We can now repeat the exact same loop command as before:

for i in $list; do cp -v --parents "$i" "${chr}"; done

Now, let's edit the list command line for ls:

list="$(ldd /bin/ls | egrep -o '/lib.*\.[0-9]')"

Again, we use the same loop command. It doesn't care what files are in the list; it simply works through the list, copying the files for us.

for i in $list; do cp -v --parents "$i" "${chr}"; done

We edit the list command line to make it work for rm:

list="$(ldd /bin/rm | egrep -o '/lib.*\.[0-9]')"

We use the looping copy command one last time:

for i in $list; do cp -v --parents "$i" "${chr}"; done
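To tie the steps above together, here is an added example (my script, not the article's) that builds the chroot for any list of programs in one pass and checks that nothing is missing before you enter it; it uses grep -E instead of the deprecated egrep and mirrors paths by hand instead of cp --parents, so it also runs on busybox systems.

```shell
#!/usr/bin/env bash
# Added example (not from the article): build a minimal chroot in one pass.
set -eu

# Print the shared objects (including the dynamic loader, e.g.
# /lib64/ld-linux-x86-64.so.2) that ldd reports for one executable. A
# statically linked binary makes ldd exit non-zero; treat that as "no
# dependencies" rather than aborting the whole build.
resolve_libs() {
    ldd "$1" 2>/dev/null | grep -Eo '/[^ ]+\.so(\.[0-9]+)*' | sort -u || true
}

# Copy file $1 into root $2 at the same relative path, which is what the
# article's "cp --parents" does: /lib/x86_64-linux-gnu/libc.so.6 ends up at
# $2/lib/x86_64-linux-gnu/libc.so.6, where the loader inside the jail looks.
copy_mirrored() {
    mkdir -p "$2$(dirname "$1")"
    cp "$1" "$2$1"
}

# Build a chroot at $1 for every program (absolute path, e.g. /bin/bash)
# named in the remaining arguments, plus each program's dependencies.
build_chroot() {
    local root="$1" prog lib
    shift
    mkdir -p "$root/bin" "$root/lib" "$root/lib64"
    for prog in "$@"; do
        copy_mirrored "$prog" "$root"
        for lib in $(resolve_libs "$prog"); do
            copy_mirrored "$lib" "$root"
        done
    done
}

# Check that each program and every library it needs exists under $root.
# Returns 1 and names the first missing file, so a forgotten dependency is
# caught here rather than as a confusing "No such file" inside the jail.
verify_chroot() {
    local root="$1" prog lib
    shift
    for prog in "$@"; do
        [ -x "$root$prog" ] || { echo "missing $root$prog"; return 1; }
        for lib in $(resolve_libs "$prog"); do
            [ -e "$root$lib" ] || { echo "missing $root$lib"; return 1; }
        done
    done
}

# Example: build_chroot /home/user/testroot /bin/bash /bin/touch /bin/ls /bin/rm,
# then verify_chroot with the same arguments, then: sudo chroot /home/user/testroot /bin/bash
```

Keep in mind that chroot is not a security boundary on its own: a process running as root inside the jail can still break out, so run untrusted code as an unprivileged user inside it, or use a container or namespaces when real isolation is required.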

Now, let's use the chroot environment:

sudo chroot $chr /bin/bash

We can try different commands in the chroot environment:

ls

We can use touch to create a file, ls to list it, and rm to remove it:

touch sample.txt
ls
rm sample.txt
ls

We can also use the built-in commands that the bash shell provides:

help

Use exit to leave the chroot environment.

In case you want to remove the chroot environment (after exiting it, back in the original shell where $chr is still set):

rm -r $chr

This recursively deletes all the files and directories in the chroot environment.

If you have read this far, thank you for reading. I hope this was useful for you.