Quick guide to chroot in Linux

The chroot command lets users run a process with a directory of their choice as its root directory. Chroot can turn any directory into the root directory.
For example, your home directory can act as the root (/). Chroot locks the process into this newly created root and isolates it from the rest of the system.

Software installed inside your own root directory is not available to the rest of the system, and it cannot access the features and commands available on the host system.
If you need to use commands like cp, rm, ls etc., you have to copy them into your own root (/) directory.
Before you learn how to create your own filesystem (chrooting), let's discuss a few advantages and disadvantages of chrooting.

Advantages

  • Limited access
    Suppose you have installed an application in your own root/filesystem and, due to a vulnerability, someone breaks into it.
    The intruder only has access to the root/filesystem you created. Data and software installed on the real system are invisible and inaccessible
    to the hacker. This applies to processes running without root privileges; a process running as root inside a chroot can escape it.
  • Limited commands available to an unauthorized user
    The hacker can only execute the commands you have added to your own root.

Disadvantages

  • Difficult to set up
    It is very difficult to perform chrooting on your system.
  • Limited commands available
    You have a limited set of commands to execute. You have to add every command you need to use.

How to perform chrooting

The basic syntax for chroot is shown below
chroot /path/to/new/root command
OR
chroot /path/to/new/root /path/to/server
OR
chroot [options] /path/to/new/root /path/to/server

Create a directory
This will be a mini-jail for testing purposes that has only the bash, ls, cp and mv commands. First, let's set the jail location using the mkdir command:
[kmehmood@myserver2 Test]$  mkdir Test

NOTE
Test will be the jail directory.

Create the bin, lib64 and lib directories inside the Test folder

[kmehmood@myserver2 Test]$    mkdir -p Test/{bin,lib64,lib}

Copy /bin/bash, /bin/ls, /bin/cp and /bin/mv into Test/bin/ using the cp command:

[kmehmood@myserver2 Test]$  cp -v /bin/{bash,ls,mv,cp} Test/bin

Now find the required libraries.
For example, to find the libraries bash depends on, run ldd /bin/bash

Now write the dependencies to a file (input.txt) so the libraries are easy to copy

[kmehmood@myserver2 Test]$    ldd /bin/bash >input.txt
[kmehmood@myserver2 Test]$    ldd /bin/ls >>input.txt
[kmehmood@myserver2 Test]$    ldd /bin/cp >>input.txt
[kmehmood@myserver2 Test]$    ldd /bin/mv >>input.txt

Now use the following command

[kmehmood@myserver2 Test]$ cat input.txt|awk -F'/' '{print "/"$2"/"$3}' |cut -d' ' -f1 |sort |uniq|grep -v '\/\/'

The above command will output the libraries.
Now follow these steps to copy the libs

[kmehmood@myserver2 Test]$ depend=`cat input.txt|awk -F'/' '{print "/"$2"/"$3}' |cut -d' ' -f1 |sort |uniq|grep -v '\/\/' `
[kmehmood@myserver2 Test]$ echo $depend
/lib64/ld-linux-x86-64.so.2 /lib64/libacl.so.1 /lib64/libattr.so.1 /lib64/libcap.so.2 /lib64/libc.so.6 /lib64/libdl.so.2 /lib64/libpcre.so.1 /lib64/libpthread.so.0 /lib64/libselinux.so.1 /lib64/libtinfo.so.5
[kmehmood@myserver2 Test]$
[kmehmood@myserver2 Test]$  cp -v $depend  Test/lib64
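
The awk/cut pipeline above keeps only the first two path components, which fits /lib64/... but truncates deeper paths such as /lib/x86_64-linux-gnu/libc.so.6. The following is an added example, not part of the original post: it extracts full paths from ldd output and copies each file into the jail under the same absolute path. The function names ldd_paths, build_jail and sample_ldd_output are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Run ldd only on trusted system
# binaries: on some systems ldd may execute the program it inspects.

# Constructed sample of ldd output from a distribution that keeps libraries
# three directories deep; the addresses are made up.
sample_ldd_output() {
    printf '\tlinux-vdso.so.1 (0x00007ffc0a1f2000)\n'
    printf '\tlibtinfo.so.6 => /lib/x86_64-linux-gnu/libtinfo.so.6 (0x00007f1a2c400000)\n'
    printf '\tlibc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1a2c000000)\n'
    printf '\t/lib64/ld-linux-x86-64.so.2 (0x00007f1a2c800000)\n'
}

# Read ldd output on stdin; print each absolute library path once.
# Lines without an absolute path (vdso, "statically linked") are skipped.
ldd_paths() {
    awk '
        /not found/ { print "missing library: " $1 > "/dev/stderr"; next }
        { for (i = 1; i <= NF; i++) if ($i ~ /^\//) { print $i; break } }
    ' | LC_ALL=C sort -u
}

# build_jail JAIL BINARY...: copy each binary and its libraries into JAIL
# under the same absolute path, so the loader finds them after chroot.
build_jail() {
    jail=$1
    shift
    for bin in "$@"; do
        for path in "$bin" $(ldd "$bin" | ldd_paths); do
            mkdir -p "$jail$(dirname "$path")"
            cp -L "$path" "$jail$path"    # -L copies the file behind a symlink
        done
    done
}

# Usage, from the directory that contains Test:
#   build_jail Test /bin/bash /bin/ls /bin/cp /bin/mv
#   sudo chroot Test/ /bin/bash
```
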

Now use the following command

sudo chroot Test/ /bin/bash

If everything goes well, after execution of the above command the Test directory will act as root, as shown in the output

Verification
Now try to execute the copied commands and some different commands.

How to exit
Type the command exit as shown above

Now log in to the new root again by executing the following

sudo chroot Test/ /bin/bash

Create directories like etc and var.
If you face any issue with the installation of software, let me know in the comments.
