The chroot command allows users to create their own root directory. Chroot lets a user turn any directory into the root directory.
For example, your home directory can act as the root (/). Chroot locks a process into the root it was given and isolates it from other environments and the rest of the system.
Software installed inside your own root directory is not available to the rest of the system, and that software cannot access the features and commands available on the system.
If you need to use commands like cp, rm, ls, etc., you have to copy them into your own root (/) directory.
Before you learn how to create your own filesystem (chrooting), let's discuss a few advantages and disadvantages of chrooting.
Advantages
- Limited access
When you have installed or set up an application in your own root/filesystem and someone breaks into your system through a vulnerability, they will only have access to the root/filesystem you created. Data and software installed on the real system are invisible and inaccessible to the hacker.
- Limited commands available to an unauthorized user
The hacker can only execute the commands you have added to your own root.
Disadvantages
- Difficult to set up
It is very difficult to perform chrooting on your system.
- Limited commands available
You have a limited set of commands to execute. You have to add every command you need to use.
How to perform chrooting
The basic syntax for chroot is shown below:
chroot /path/to/new/root command
OR
chroot /path/to/new/root /path/to/server
OR
chroot [options] /path/to/new/root /path/to/server
Create a directory
This will be a mini-jail for testing purposes that has the bash, ls, cp and mv commands only. First, let's set the jail location using the mkdir command:
[kmehmood@myserver2 Test]$ mkdir Test
NOTE
Test will be the jail directory.
Create the bin, lib64 and lib directories inside the Test folder:
[kmehmood@myserver2 Test]$ mkdir -p Test/{bin,lib64,lib}
[kmehmood@myserver2 Test]$ cd Test
Copy /bin/bash, /bin/ls, /bin/cp and /bin/mv into the jail's bin directory using the cp command (the previous step already changed into Test, so the target is bin):
[kmehmood@myserver2 Test]$ cp -v /bin/{bash,ls,mv,cp} bin
Now find the required libraries.
For example, to find the libraries that bash depends on:
ldd /bin/bash
Now collect the dependencies in a file (input.txt) so the libraries can be copied easily:
[kmehmood@myserver2 Test]$ ldd /bin/bash >input.txt
[kmehmood@myserver2 Test]$ ldd /bin/ls >>input.txt
[kmehmood@myserver2 Test]$ ldd /bin/bash >>input.txt
[kmehmood@myserver2 Test]$ ldd /bin/cp >>input.txt
[kmehmood@myserver2 Test]$ ldd /bin/mv >>input.txt
Now use the following command:
[kmehmood@myserver2 Test]$ cat input.txt|awk -F'/' '{print "/"$2"/"$3}' |cut -d' ' -f1 |sort |uniq|grep -v '\/\/'
The above command will output the libraries.
Now follow these steps to copy the libraries:
[kmehmood@myserver2 Test]$ depend=`cat input.txt|awk -F'/' '{print "/"$2"/"$3}' |cut -d' ' -f1 |sort |uniq|grep -v '\/\/' `
[kmehmood@myserver2 Test]$ echo $depend
/lib64/ld-linux-x86-64.so.2 /lib64/libacl.so.1 /lib64/libattr.so.1 /lib64/libcap.so.2 /lib64/libc.so.6 /lib64/libdl.so.2 /lib64/libpcre.so.1 /lib64/libpthread.so.0 /lib64/libselinux.so.1 /lib64/libtinfo.so.5
[kmehmood@myserver2 Test]$
[kmehmood@myserver2 Test]$ cp -v $depend lib64
Now, from the directory that contains Test, use the following command:
sudo chroot Test/ /bin/bash
If everything goes well, after the above command is executed the Test directory will act as root, as shown in the output.
Verification
Now try executing the commands you added, and some different commands.
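The copy steps above can also be scripted. The following is an added example, not part of the original post: it copies each library to the same path it has on the host, so it also works where ldd reports libraries outside /lib64, and it lists anything still missing from the jail. The function names list_deps, build_jail and missing_in_jail are made up for this example.

```shell
#!/bin/sh
# Added example: populate a chroot jail with binaries and their libraries.
# Function names are hypothetical; paths with spaces are not handled.

# list_deps BINARY: print the absolute library paths ldd reports, one per line.
list_deps() {
    # ldd prints "libc.so.6 => /lib64/libc.so.6 (0x...)" or
    # "/lib64/ld-linux-x86-64.so.2 (0x...)"; keep only fields starting with "/".
    ldd "$1" | awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) print $i }' | sort -u
}

# build_jail JAIL BINARY...: copy each binary and its libraries to the same
# path under JAIL that they have on the host.
build_jail() {
    jail=$1; shift
    for bin in "$@"; do
        for f in "$bin" $(list_deps "$bin"); do
            mkdir -p "$jail$(dirname "$f")"
            # -L copies the file a symlink points to; -f replaces an earlier copy
            cp -fL "$f" "$jail$f"
        done
    done
}

# missing_in_jail JAIL BINARY...: print every required file absent from JAIL.
# Empty output means each binary can find its loader and libraries.
missing_in_jail() {
    jail=$1; shift
    for bin in "$@"; do
        for f in "$bin" $(list_deps "$bin"); do
            [ -e "$jail$f" ] || echo "$f"
        done
    done
}

# Usage, run from the directory that contains Test:
#   build_jail Test /bin/bash /bin/ls /bin/cp /bin/mv
#   missing_in_jail Test /bin/bash /bin/ls /bin/cp /bin/mv
```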
How to exit
Type the exit command as shown above.
Now log in to the root again by executing the following:
sudo chroot Test/ /bin/bash
Create directories such as etc and var.
If you face any issue in the installation of software, let me know in the comments.