How to Use chroot

The Linux chroot command enables you to run applications or shells within a separate, secure environment. Because a chroot environment is walled off from the rest of your system, it can be an ideal space for testing. This guide discusses the primary use cases for chroot and shows you how to create your own chroot environment.

What is chroot?

The chroot command allows you to create a separate environment for running processes in isolation. The command creates a distinct file system with its own root directory that is completely walled off from access to the rest of your system. For this reason, the chroot environment is often referred to as chroot jail.

What is chroot Jail?

As described above, the chroot command creates an isolated environment, known as chroot jail. Processes running in this environment have a distinct root directory and file system. These processes are prevented from accessing anything on the system outside of the chroot jail.

To create a chroot jail, you create a directory to act as the root for your chroot environment. Then, you add the programs and system components you need to run any processes you intend to test in the chroot environment.

When you run chroot command against the directory you created, you can then use it as its own functioning system. The directory you created acts as the root directory, so anything operating inside of it is restricted to the chroot directory.

The chroot environment gives you a clean and separate space for running processes. It ensures that anything running in chroot jail is not affected by the primary file system. Similarly, the chroot jail cannot affect the primary file system.

What is the Purpose of a chroot Jail?

The primary reason for creating a chroot environment is to test processes in isolation. There are two main scenarios in which you may want to test in isolation:

The first scenario is to test an untrusted application. Running it in chroot jail allows you to run the application without allowing it to access the rest of your file system.
Another reason is to test an application, command, or series of commands in a secluded environment. With a chroot environment, you guarantee that the processes or commands run in a clean and easily reproducible file system.

When to Use chroot

Use chroot when you have an application or a shell process that you may not trust. Keeping any processes you are unsure of in chroot jail allows you to test them out prior to running them on your system.

You may be thinking chroot sounds like a virtual machine, and you would be right. However, chroot has the advantage of being much lighter and easier to set up than a virtual machine. You can quickly install a minimal OS in a chroot environment to test small processes, commands, or compile packages.

How to Use chroot

The following sections show you how to set up and start using chroot environments on your Ubuntu system.

Create a Test Environment

To create a chroot environment for testing, this guide has you install a minimal Debian or Ubuntu distribution in the chroot directory. Doing so gives you a full operating system in your chroot environment, where you can install programs and run processes in an isolated space.

Create a directory for your chroot environment. In this guide, a chroot-jail directory is created in the user’s home directory.
```
 mkdir ~/chroot-jail
```
At this point, you need to install the system files to be used in the chroot environment. You can do so easily with the debootstrap tool, which you can install using your system’s package manager:
```
 sudo apt install debootstrap
```
Use debootstrap to install the desired Debian or Ubuntu distribution to your chroot directory. This guide uses Ubuntu 20.04 (Focal).
```
 sudo debootstrap focal ~/chroot-jail
```
Alternatively, you can install a different Ubuntu release, or a Debian release. The example below installs Debian 10 Buster:
```
 sudo debootstrap buster ~/chroot-jail
```
Run Bash through chroot to verify the environment setup.
```
 sudo chroot ~/chroot-jail /bin/bash
```
```
root@localhost:/#
```
You can even use the ls command to confirm that things in the chroot environment only have access to the chroot directory.
Exit the chroot environment’s Bash shell.
```
 exit
```

Configure the Test Environment

This section shows some basics for setting up a chroot environment for testing. You are likely to need additional steps to set up the environment for your specific testing scenarios. However, these basics are meant to cover commonly needed configurations regardless of the testing scenario.

Run Bash in the chroot environment, as shown in the section above, and create a limited user using the command below. The example-user username used in this example needs to match the limited user you are using to access the chroot environment.
```
 adduser example-user
```
If you require your user to have sudo access for chroot testing, use the following command to give that access to the user.
```
 adduser example-user sudo
```
Depending on the Debian or Ubuntu distribution you installed, you may have to install sudo from the package manager.
```
 apt install sudo
```
This may also be a good time to install any other programs you need for your testing purposes.
Exit the chroot environment’s shell.
```
 exit
```
Mount the drives shown below to their respective chroot directories. This allows you to use sudo as your limited user in the chroot environment:
```
 sudo mount --bind /proc ~/chroot-jail/proc/
 sudo mount --bind /sys ~/chroot-jail/sys/
 sudo mount --bind /dev ~/chroot-jail/dev/
```

Install and Configure schroot

The schroot tool allows you to use a chroot environment as a limited user, rather than as root. If you are familiar with dchroot, schroot replaces it as the standard tool for working with chroot environments.

Install schroot.
```
 sudo apt install schroot
```
Open the schroot configuration file — /etc/schroot/schroot.conf — and add a configuration for your chroot environment.

The file comes with several configuration examples. The file below is a simple example used for this guide.
```
File: /etc/schroot/schroot.conf

[...]
[focal-env]
description=Ubuntu Focal
directory=/home/example-user/chroot-jail
users=example-user
groups=sbuild
root-groups=root
aliases=focal
[...]
```
Access the chroot environment through schroot.
```
 schroot -c focal
```

You are now logged into the chroot environment as your limited user. There, you can run programs and commands and install packages just as you would on a usual operating system.

Exit and Remove a chroot Environment

To exit the chroot environment, simply use the exit command. This takes you out of the chroot shell and back to the main Linux system’s shell.

Once you are done with your tests, you may be ready to remove the environment altogether. You can achieve this with the following steps.

Unmount each of the drives you mounted previously.

 sudo umount ~/chroot-jail/dev
 sudo umount ~/chroot-jail/sys
 sudo umount ~/chroot-jail/proc

Delete the chroot directory along with its contents.
```
 sudo rm -R ~/chroot-jail
```

More Information

You may wish to consult the following resources for additional information on this topic. While these are provided in the hope that they will be useful, please note that we cannot vouch for the accuracy or timeliness of externally hosted materials.

https://man.imzye.com/Linux/schroot

Leave a message