DEV Community

Cover image for Creating a Chrooted Environment
Azeez Lukman
Azeez Lukman

Posted on

Creating a Chrooted Environment

Introduction

Every process in Linux has a base working directory called the root directory. The root directory designated by the slash sign is where every other directory in your system begins. Although you cannot go above this directory, you can change it.

The chroot command changes the root directory for any currently running process as well as its child processes. This article will walk you through the process of creating a chrooted environment, adding access to Linux commands, along with including shared libraries for these commands.

What is chroot

So what does it mean to change the root directory? According to the official Debian documentation:

chroot is an operation that changes the apparent root directory for the current running process and their children.

Hmm, maybe that isn’t clear enough still… When you change the root directory, commands run from the new environment are locked down to that environment, they are not able to access any files or even commands outside of that directory. When you use the chroot command, you get this completely isolated environment also referred to as a chroot jail.

The “*chroot” command can be very useful in situations when you need t*o create a test environment, or you need to recover the system or password, or even when you need to reinstall the bootloader. There are several other reasons you might want to create a chrooted environment and it’s completely safe to try it out for the sake of learning something new.

Setup jailed root environment

Let’s walk through the process of creating a chrooted environment, and create a new user for that environment.

Performing a chroot requires that you are a super user. So you need to first become the root user by running the command below:

sudo su -
Enter fullscreen mode Exit fullscreen mode

Create the directory we would chroot to within the /home directory named /home/bailey. Although you can chroot into any directory.

Create a directory for bailey with the command below:

mkdir /home/bailey
Enter fullscreen mode Exit fullscreen mode

Create a new user

Create a new user for your environment named bailey.

useradd bailey
Enter fullscreen mode Exit fullscreen mode

Provision commands to run

When we chroot into a directory, we are in a completely isolated environment, you need to provide everything you need afresh including the files and commands so we are limited to the commands and files within this chroot jail directory, in order to enable us to run some commands in a jailed directory we need to make them available there either by installing the commands to that directory or by moving them.

Start by creating the bin and lib64 directories in /home/bailey then move in the needed commands into these directories.

Run the command below to Create two new directories; bin, and lib64, within the /home/bailey directory:

mkdir /home/elba/{bin,lib64}
Enter fullscreen mode Exit fullscreen mode

We need bash, ls, and cat commands

Start by copying /bin/bash on the local computer into the chroot jail at /home/bailey/bin/bash:

cp /bin/bash /home/bailey/bin/bash
Enter fullscreen mode Exit fullscreen mode

Then copy /bin/ls into /home/bailey/bin/ls:

cp /bin/ls /home/bailey/bin/ls
Enter fullscreen mode Exit fullscreen mode

Finally, copy /bin/cat into /home/bailey/bin/cat:

cp /bin/cat /home/bailey/bin/cat
Enter fullscreen mode Exit fullscreen mode

The next step is to find and Copy the libraries needed for bash, ls, and cat over to /home/bailey/lib64

Find the required libraries using ldd:

ldd /bin/bash /bin/ls /bin/cat 
cp /lib64/libtinfo.so.5 \ /lib64/libdl.so.2 \ /lib64/ld-linux-x86-64.so.2 \ /lib64/libselinux.so.1 \ /lib64/librt.so.1 \ /lib64/libcap.so.2 \ /lib64/libacl.so.1 \ /lib64/libc.so.6 \ /lib64/libpthread.so.0 \ /lib64/libattr.so.1 \ /lib64/libpcre.so.1 /home/elba/lib64
Enter fullscreen mode Exit fullscreen mode

Now we have the commands in place, but there’s one more thing to do before creating the chrooted environment.

Create a text file with some sample text in it so we are able to run the commands against it.

Use nano to create the hello.txt file in the /home/bailey and add some text to it:

nano /home/bailey/hello.txt

# Write the following in the file:
Welcome to chroot jail

# Write out and close the file:
^O & ^X
Enter fullscreen mode Exit fullscreen mode

Change the root environment

Finally, create a chrooted environment in /home/bailey with a Bash shell using the chroot command:

chroot /home/bailey /bin/bash
Enter fullscreen mode Exit fullscreen mode

This has now created a chrooted enviroment at /home/bailey

Check the commands

Using the command pwd, confirm the present working directory and then confirm that you can use the ls command to list files in the directory.

pwd
ls 
Enter fullscreen mode Exit fullscreen mode

You should see the hello.txt file that was created previously, now confirm you can view the contents of hello.txt

cat hello.txt
Enter fullscreen mode Exit fullscreen mode

Limitations

It's really important to mention that running programs in a chrooted environment is not entirely secure as it is easy for processes to break out of this environment if they are run with root privileges, it cannot handle tampering by privileged users.

It's advised to revoke root privileges after chrooting in order to reduce these security risks. A better option would be to enforce a real jail With other mechanisms like freeBSD jails and more.

Conclusion

You have successfully changed your root environment hereby creating a chrooted environment otherwise known as a chroot jail environment. I hope you enjoyed reading this piece as much as i enjoyed writing it.

Top comments (0)