chroot

Change the root directory to the specified destination directory

Supplementary instructions

The chroot command runs a command with a specified directory as its root directory. The name stands for "change root directory". On Linux, the default directory structure starts at /, the root. After chroot, the specified location is used as / instead.

After chroot, the directories and files the system reads are no longer those under the old system root but those under the new root (that is, the specified new location). This brings roughly the following 3 benefits:

Increases system security and limits user power:

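After chroot, the root directory structure and files of the old system will not be accessible under the new root, thus enhancing the security of the system. This is usually done by using chroot before logging in, so that the user cannot access some specific files. Note that chroot only changes how paths are resolved: a process that still runs as root inside the new root is not reliably confined by it, so the restriction is meaningful only for processes that have dropped root privileges.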

Establish a system directory structure that is isolated from the original system to facilitate user development:

After using chroot, the system reads the directories and files under the new root. This is a directory structure that is not related to the files under the original system root. In this new environment, it can be used to test static compilation of software and some independent development that is not related to the system.

Switch the system's root directory location, for example when booting a Linux system or entering an emergency system:

chroot switches the root location of the system, and the most obvious use of this is in handling the system's initial boot disk: the root is switched away from the initial RAM disk (initrd) and the real init is executed. In addition, when something goes wrong with the system, chroot can also be used to switch to a temporary system.

Syntax

chroot (options) (parameters)

Options

--help: Display help;
--version: Display version information.

Parameters

Example

Set target as the root directory (run /bin/sh in it):

chroot target /bin/sh

Here, target is the path where busybox is installed, similar to a file system that contains many tools. In this way, you will enter a shell interface with target as the root. Run exit to exit the shell and return to the original local environment. You can also use Ctrl+D.

Notice:

Set target as the root directory (run /bin/ls in it):

chroot target /bin/ls

Here, target is the path where busybox is installed, similar to a file system that contains many tools. What runs this way is the ls inside target (not the local /bin/ls); when it finishes, you are returned immediately to the local directory environment.

Note that compiling a program locally to generate a.out, copying it into target/bin/ and running it like this will not work if it depends on dynamically linked libraries. Use ldd to check which dynamic libraries a.out requires. The program can run only after these libraries have been copied to the corresponding paths under the new root.

Use chroot to run a program you compiled:

Prepare the root directory for chroot:

mkdir newRoot

Compile your own program:

gcc main.c

Here main.c generates a.out, whose function is to output hello.

View the libraries required by the program:

ldd a.out

After input, the output is as follows:

linux-gate.so.1 =>  (0xb8034000)
libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7eab000)
/lib/ld-linux.so.2 (0xb801a000)

Copy the libraries and programs required by the program to the new root directory:

cp a.out newRoot
mkdir newRoot/lib
cp /lib/tls/i686/cmov/libc.so.6 newRoot/lib
cp /lib/ld-linux.so.2 newRoot/lib

The content of newRoot here will be as follows:

a.out lib/

Use chroot to run your own program:

su
chroot newRoot /a.out

In this way, a.out runs correctly. Because a.out uses dynamically linked libraries, those libraries must be copied to newRoot. If a program depends on no other libraries, copying the program alone is enough. For example, when busybox is compiled statically, the /bin/busybox in its installation directory does not depend on other libraries.
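
The ldd-and-copy steps above can be scripted. The following is an added example, not part of the original page. It goes beyond the page's steps by copying each library to the same path it has on the host, and it stops if ldd reports a missing library. The function names ldd_paths and populate_chroot are hypothetical, and it assumes the libraries live in directories the dynamic loader searches by default.

```sh
#!/bin/sh
# Added example (not from the original page): build a minimal chroot from ldd output.

# ldd_paths: read ldd output on stdin, print one absolute library path per line.
#   name => /path (addr)   -> /path
#   /path (addr)           -> /path   (the dynamic loader itself)
#   name =>  (addr)        -> skipped (virtual object such as linux-gate.so.1)
#   name => not found      -> reported on stderr, exit status 1
ldd_paths() {
    awk '
        /=> not found/ { print "missing: " $1 > "/dev/stderr"; bad = 1; next }
        /=>/           { if ($3 ~ /^\//) print $3; next }
        $1 ~ /^\//     { print $1 }
        END            { exit bad }
    '
}

# populate_chroot NEWROOT BINARY: copy BINARY into NEWROOT and mirror every
# library it needs at the same path under NEWROOT. Nothing else is copied,
# so the new root contains only what the program requires.
# Assumption: library paths contain no whitespace.
populate_chroot() {
    newroot=$1
    binary=$2
    libs=$(ldd "$binary" | ldd_paths) || return 1
    cp "$binary" "$newroot/" || return 1
    for lib in $libs; do
        # -L follows symlinks so the real library file lands in the new root
        mkdir -p "$newroot$(dirname "$lib")" &&
            cp -L "$lib" "$newroot$lib" || return 1
    done
}

# Constructed sample input: the ldd output shown on this page.
printf '%s\n' \
    'linux-gate.so.1 =>  (0xb8034000)' \
    'libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7eab000)' \
    '/lib/ld-linux.so.2 (0xb801a000)' | ldd_paths
```

With the functions loaded, populate_chroot newRoot a.out replaces the manual cp and mkdir steps, after which chroot newRoot /a.out is run as root as before.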