0
A terminal prompt on a Linux laptop's screen.
Fatmawati Achmad Zaenuri/Shutterstock.com

The chroot command can send you to jail, keep your development or test environments isolated, or just improve your system’s security. We show you the easiest way to use it.

What’s a chroot?

If you try to measure the usefulness of a command, you must take into account the functionality it provides and its ease of use. If it is too complicated for people to use or too long-winded to make them want to try to use it, the functionality might as well be zero. If no one uses it, it doesn’t provide any functionality.

In discussions with Linux users—in person and on forums—it seems that the chroot command is one that is pegged as being difficult to use, or too persnickety and tedious to setup. It seems this terrific utility isn’t used as much as it might be.

With chroot you can set up and run programs or interactive shells such as Bash in an encapsulated filesystem that is prevented from interacting with your regular filesystem. Everything within the chroot environment is penned in and contained. Nothing in the chroot environment can see out past its own, special, root directory without escalating to root privileges. That has earned this type of environment the nickname of a chroot jail. The term “jail” shouldn’t be confused with FreeBSD’s jail command, which creates a chroot environment that is more secure than the usual chroot environment.

But actually, there’s a very straightforward way to use chroot, which we’re going to step through. We’re using regular Linux commands which will work on all distributions. Some Linux distributions have dedicated tools to set up chroot environments, such as debootstrap for Ubuntu, but we’re being distro-agnostic here.

When Should You Use a chroot?

A chroot environment provides functionality similar to that of a virtual machine, but it is a lighter solution. The captive system doesn’t need a hypervisor to be installed and configured, such as VirtualBox or Virtual Machine Manager. Nor does it need to have a kernel installed in the captive system. The captive system shares your existing kernel.

In some senses, chroot environments are closer to containers such as LXC than to virtual machines. They’re lightweight, quick to deploy, and creating and firing one up can be automated. Like containers, one convenient way to configure them is to install just enough of the operating system for you to accomplish what is required. The “what is required” question is answered by looking at how you’re going to use your chroot environment.

Some common uses are:

Software Development and Product Verification. Developers write software and the product verification team (PV) tests it.  Sometimes issues are found by PV that can’t be replicated on the developer’s computer. The developer has all sorts of tools and libraries installed on their development computer that the average user—and PV—won’t have. Often, new software that works for the developer but not for others turns out to be using a resource on the developer’s PC that hasn’t been included in the test release of the software. chroot allows the developers to have a plain vanilla captive environment on their computer that they can sheep-dip the software in before giving it to PV. The captive environment can be configured with the bare minimum dependencies that the software requires.

Read the remaining 70 paragraphs


Post a Comment Blogger

We welcome comments that add value to the discussion. We attempt to block comments that use offensive language or appear to be spam, and our editors frequently review the comments to ensure they are appropriate. As the comments are written and submitted by visitors of The Sheen Blog, they in no way represent the opinion of The Sheen Blog. Let's work together to keep the conversation civil.

 
Top