How to Use chroot
The chroot command enables you to run applications or shells within a separate, secure environment. Because a chroot environment is walled off from the rest of your system, it can be an ideal space for testing. This guide discusses the primary use cases for chroot and shows you how to create your own chroot environment.
What is chroot?
The chroot command allows you to create a separate environment for running processes in isolation. The command creates a distinct file system with its own root directory that is completely walled off from access to the rest of your system. For this reason, the chroot environment is often referred to as chroot jail.
What is chroot Jail?
As described above, the chroot command creates an isolated environment, known as chroot jail. Processes running in this environment have a distinct root directory and file system. These processes are prevented from accessing anything on the system outside of the chroot jail.
To create a chroot jail, you create a directory to act as the root for your chroot environment. Then, you add the programs and system components you need to run any processes you intend to test in the chroot.
When you run the chroot command against the directory you created, you can then use it as its own functioning system. The directory you created acts as the root directory, so anything operating inside of it is restricted to the chroot.
The chroot environment gives you a clean and separate space for running processes. It ensures that anything running in chroot jail is not affected by the primary file system. Similarly, the chroot jail cannot affect the primary file system.
What is the Purpose of a chroot Jail?
The primary reason for creating a chroot environment is to test processes in isolation. There are two main scenarios in which you may want to test in isolation:
- The first scenario is to test an untrusted application. Running it in chroot jail allows you to run the application without allowing it to access the rest of your file system.
- Another reason is to test an application, command, or series of commands in a secluded environment. With a chroot environment, you guarantee that the processes or commands run in a clean and easily reproducible file system.
When to Use chroot
Use chroot when you have an application or a shell process that you may not trust. Keeping any processes you are unsure of in chroot jail allows you to test them out prior to running them on your system.
You may be thinking chroot sounds like a virtual machine, and you would be right. However, chroot has the advantage of being much lighter and easier to set up than a virtual machine. You can quickly install a minimal OS in a chroot environment to test small processes, commands, or compile packages.
How to Use chroot
The following sections show you how to set up and start using chroot environments on your Ubuntu system.
Create a Test Environment
To create a chroot environment for testing, this guide has you install a minimal Debian or Ubuntu distribution in the chroot directory. Doing so gives you a full operating system in your chroot environment, where you can install programs and run processes in an isolated space.
Create a directory for your chroot environment. In this guide, a chroot-jail directory is created in the user’s home directory.
At this point, you need to install the system files to be used in the chroot environment. You can do so easily with the debootstrap tool, which you can install using your system’s package manager:
sudo apt install debootstrap
Use debootstrap to install the desired Debian or Ubuntu distribution to your chroot directory. This guide uses Ubuntu 20.04 (Focal).
sudo debootstrap focal ~/chroot-jail
Alternatively, you can install a different Ubuntu release, or a Debian release. The example below installs Debian 10 Buster:
sudo debootstrap buster ~/chroot-jail
Run Bash through chroot to verify the environment setup.
sudo chroot ~/chroot-jail /bin/bash
You can even use the ls command to confirm that things in the chroot environment only have access to the chroot environment’s Bash shell.
Configure the Test Environment
This section shows some basics for setting up a chroot environment for testing. You are likely to need additional steps to set up the environment for your specific testing scenarios. However, these basics are meant to cover commonly needed configurations regardless of the testing scenario.
Run Bash in the chroot environment, as shown in the section above, and create a limited user using the command below. The example-user username used in this example needs to match the limited user you are using to access the
If you require your user to have sudo access for chroot testing, use the following command to give that access to the user.
adduser example-user sudo
Depending on the Debian or Ubuntu distribution you installed, you may have to install sudo from the package manager.
apt install sudo
This may also be a good time to install any other programs you need for your testing purposes.
Mount the drives shown below to their respective chroot directories. This allows you to use sudo as your limited user in the chroot.
sudo mount --bind /proc ~/chroot-jail/proc/
sudo mount --bind /sys ~/chroot-jail/sys/
sudo mount --bind /dev ~/chroot-jail/dev/
Install and Configure schroot
The schroot tool allows you to use a chroot environment as a limited user, rather than as root. If you are familiar with
schroot replaces it as the standard tool for working with
sudo apt install schroot
Open the schroot configuration file, /etc/schroot/schroot.conf, and add a configuration for your chroot.
The file comes with several configuration examples. The file below is a simple example used for this guide.
File: /etc/schroot/schroot.conf
[...]
[focal-env]
description=Ubuntu Focal
directory=/home/example-user/chroot-jail
users=example-user
groups=sbuild
root-groups=root
aliases=focal
[...]
schroot -c focal
You are now logged into the
chroot environment as your limited user. There, you can run programs and commands and install packages just as you would on a usual operating system.
Exit and Remove a chroot Environment
To exit the chroot environment, simply use the exit command. This takes you out of the chroot shell and back to the main Linux system’s shell.
Once you are done with your tests, you may be ready to remove the environment altogether. You can achieve this with the following steps.
Unmount each of the drives you mounted previously.
sudo umount ~/chroot-jail/dev
sudo umount ~/chroot-jail/sys
sudo umount ~/chroot-jail/proc
Remove the chroot directory along with its contents.
sudo rm -R ~/chroot-jail
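If any of the /proc, /sys or /dev bind mounts is still in place when the directory is removed, rm -R descends into the host's own file systems through it. The script below is an added example, not part of the original guide: it checks a mount table for anything still mounted under the jail and refuses to delete until the list is empty. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: refuse to delete a chroot directory while anything is still
# mounted beneath it. Function names and the sample table are constructed.

# Constructed sample of a /proc/self/mounts-style table (used for testing).
sample_mounts() {
cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
proc /proc proc rw,nosuid 0 0
proc /home/example-user/chroot-jail/proc proc rw,nosuid 0 0
sysfs /home/example-user/chroot-jail/sys sysfs rw,nosuid 0 0
udev /home/example-user/chroot-jail/dev devtmpfs rw,nosuid 0 0
/dev/sdb1 /home/example-user/chroot-jail-backup ext4 rw 0 0
EOF
}

# Print every mount point at or below $1, longest (deepest) path first, so the
# output can be unmounted in order. $2 is the mount table to read and defaults
# to the live one. Assumes the jail path contains no whitespace, which the
# kernel would encode as \040 in this table.
mounts_under() {
    jail=${1%/}
    table=${2:-/proc/self/mounts}
    # Field 2 is the mount point. Match the jail itself or a path below it,
    # but not a sibling that merely shares the prefix (chroot-jail-backup).
    awk -v j="$jail" '$2 == j || index($2, j "/") == 1 { print $2 }' "$table" |
        awk '{ print length($0) "\t" $0 }' | sort -rn | cut -f2-
}

# Return 0 only when nothing is mounted at or below the jail.
safe_to_remove() {
    [ -z "$(mounts_under "$1" "${2:-}")" ]
}

# Delete the jail only after the check passes. --one-file-system (GNU rm)
# is a second guard against crossing into another mounted file system.
remove_jail() {
    dir=$1
    if ! safe_to_remove "$dir" "${2:-}"; then
        echo "refusing to remove $dir; still mounted:" >&2
        mounts_under "$dir" "${2:-}" >&2
        return 1
    fi
    sudo rm -R --one-file-system "$dir"
}
```

Call remove_jail ~/chroot-jail in place of the bare rm; on refusal it prints the remaining mount points in the order to pass to umount.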