What is chroot jail and How to Use it?
Introduction

The term chroot jail dates all the way back to 1992 and is frequently used today. But what does this term mean, and what is this operation used for?

In this tutorial, we will cover the basics of using chroot jails and show you how you can set one up.

Prerequisites

- A system running a Linux or Unix operating system
- A user account with sudo-level privileges
- Access to the terminal/command line

What Is chroot jail?

A chroot (short for change root) is a Unix operation that changes the apparent root directory to the one specified by the user.

Any process you run after a chroot operation only has access to the newly defined root directory and its subdirectories. This operation is colloquially known as a chroot jail since these processes cannot read or write outside the new root directory.

What Is chroot jail Used for?

Chroot jail is used to create a limited sandbox for a process to run in. This means a process cannot maliciously change data outside the prescribed directory tree.

Another use for chroot jails is as a substitute for virtual machines. This method is called kernel-level virtualization and requires fewer resources than virtual machines. This operation allows users to create multiple isolated instances on the same system.

How to Use chroot jail

This example takes you through creating and setting up a chroot jail so it can run the bash and ls commands. Follow these steps:

1. Create a new directory called chroot_jail:

    mkdir chroot_jail

If we try to chroot into the new directory, we get the following output:

You must enable the bash command before you can chroot into the new directory. This requires copying the command file and all associated libraries into the new root directory.

2. Create a new subdirectory tree inside chroot_jail:

    mkdir -p chroot_jail/bin chroot_jail/lib64/x86_64-linux-gnu chroot_jail/lib/x86_64-linux-gnu

These subdirectories will store all the necessary elements of the bash and ls commands.

3. Using the cp command with the which command lets you copy the bash and ls commands without specifying the path you are copying from. To do so, use:

    cp $(which ls) chroot_jail/bin/
    cp $(which bash) chroot_jail/bin/

Note: If your bash or ls commands are aliased, you need to unalias them before copying. Use unalias [command], where [command] is the name of the command you want to unalias.

4. For bash and ls to work in the new root folder, add all associated libraries to the chroot_jail library directories. Use the ldd command to find out which libraries are associated with which command:

    ldd $(which bash)
    ldd $(which ls)

5. Copy the appropriate libraries to the chroot_jail subdirectories lib and lib64.

For the bash command:

    cp /lib/x86_64-linux-gnu/libtinfo.so.6 chroot_jail/lib/x86_64-linux-gnu/
    cp /lib/x86_64-linux-gnu/libdl.so.2 chroot_jail/lib/x86_64-linux-gnu/
    cp /lib/x86_64-linux-gnu/libc.so.6 chroot_jail/lib/x86_64-linux-gnu/
    cp /lib64/ld-linux-x86-64.so.2 chroot_jail/lib64/

For the ls command:

    cp /lib/x86_64-linux-gnu/libselinux.so.1 chroot_jail/lib/x86_64-linux-gnu/
    cp /lib/x86_64-linux-gnu/libc.so.6 chroot_jail/lib/x86_64-linux-gnu/
    cp /lib/x86_64-linux-gnu/libpcre2-8.so.0 chroot_jail/lib/x86_64-linux-gnu/
    cp /lib/x86_64-linux-gnu/libdl.so.2 chroot_jail/lib/x86_64-linux-gnu/
    cp /lib64/ld-linux-x86-64.so.2 chroot_jail/lib64/
    cp /lib/x86_64-linux-gnu/libpthread.so.0 chroot_jail/lib/x86_64-linux-gnu/

6. Use the chroot command to change the root to the chroot_jail directory:

    sudo chroot chroot_jail

Note: Changing the root to the chroot_jail directory starts a new instance of the bash shell.

Use the ls command to list all the files and directories in the new root directory tree:

    ls -R

7. Once you are done using the new root folder, exit the shell:

    exit

Conclusion

After following this tutorial, you should be able to set up a chroot jail, along with the necessary resources to run processes and commands in the new root directory.
For more information on Linux commands, check out our Linux Command Cheat Sheet.
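
The library paths copied by hand in steps 2 to 5 differ between distributions and releases. The script below is an added example, not part of the original tutorial: it reads the paths from ldd instead and works for any command, not only bash and ls. The helper names ldd_paths and jail_add and the sample ldd output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not from the tutorial.

# Constructed ldd output in the shape glibc prints it, used for checking.
SAMPLE_LDD='    linux-vdso.so.1 (0x00007ffd0a1f2000)
    libtinfo.so.6 => /lib/x86_64-linux-gnu/libtinfo.so.6 (0x00007f1a2c000000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1a2be00000)
    libmissing.so.1 => not found
    /lib64/ld-linux-x86-64.so.2 (0x00007f1a2c200000)'

# Read ldd output on stdin and print each absolute library path once.
# Entries without a file on disk (linux-vdso, "not found") are skipped.
ldd_paths() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) { print $i; break } }' |
        LC_ALL=C sort -u
}

# Copy command $2 and the libraries ldd lists for it into jail $1,
# keeping each library at the same path it has on the host.
jail_add() {
    jail=$1
    bin=$(command -v "$2") || { echo "not found: $2" >&2; return 1; }
    # An alias or shell builtin does not resolve to a path; refuse it.
    case $bin in
        /*) ;;
        *) echo "not a file on disk: $2" >&2; return 1 ;;
    esac
    mkdir -p "$jail/bin"
    cp "$bin" "$jail/bin/"
    # Run ldd only on binaries you trust: some versions execute the loader
    # on the target. For a static binary it lists no paths, so only the
    # binary itself is copied.
    ldd "$bin" 2>/dev/null | ldd_paths | while read -r lib; do
        mkdir -p "$jail$(dirname "$lib")"
        cp -L "$lib" "$jail$lib"
    done
}

# Usage: sh jail_add.sh chroot_jail bash ls
if [ "$#" -ge 2 ]; then
    jail_dir=$1
    shift
    for cmd in "$@"; do jail_add "$jail_dir" "$cmd"; done
fi
```

Library paths that contain spaces are not handled. After running it, enter the jail with sudo chroot chroot_jail as in step 6.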