Chroot

A chroot on Unix operating systems is an operation which changes the root directory. It affects only the current process and its children. "chroot" itself can refer to the chroot(2) system call or the chroot(8) wrapper program.


A program that is re-rooted to another directory cannot name files outside that directory. This provides a convenient way to sandbox an untrusted, test or otherwise dangerous program. It is also a simple kind of jail mechanism.


In practice, chrooting is complicated by programs expecting at startup to find scratch space, configuration files, device nodes and shared libraries at certain preset locations. To allow programs to spawn inside the chroot directory, it must be populated with a minimum set of these files, preferably carefully chosen so as not to allow unintended access to the outside system.


Programs are allowed to carry open file descriptors (for files, pipelines and network connections) into the chroot, which can simplify jail design by making it unnecessary to leave working files inside the chroot directory. This also works as a simple capability system, in which the program is explicitly granted access to resources outside the chroot based on the descriptors it can carry in.


Uses

Privilege separation 
A chroot can be used as a pre-emptive way of containing a security breach by preventing a would-be attacker from doing any damage or probing the host system with a compromised program. A network file server, for example, can chroot to the directory it is serving files from just after accepting a network connection from a client. A similar approach is used by the Postfix mail transfer agent, which divides its work up into a pipeline of smaller, individually chroot-jailed programs.
Honeypotting 
A chroot directory can be populated so as to simulate a real system running network services. The chroot mechanism can then prevent attackers who do compromise the system from discovering that it is an artificial environment, or from breaking out into the real system.
Testing 
The isolation provided by the chroot mechanism is also useful for testing purposes. A separate copy of the operating system can be installed into the chroot directory as a test environment for software that would otherwise be too risky to deploy on a production system.


Disadvantages

Only the root user can perform a chroot. This is intended to prevent users from putting a setuid program inside a specially-crafted chroot jail (for example, with a fake /etc/passwd file) that would fool it into giving out privileges. It also, however, prevents non-root users from using the chroot mechanism to create sandboxes of their own.


The chroot mechanism itself is not entirely secure. If a chrooted program has root privileges, it can perform a second chroot to break out. This works because some Unix kernels do not allow chroot contexts to stack properly.
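
As an added example (not part of the original article, nor code from Postfix or any other project it names), the following C code shows the order of operations a privilege-separated server can use so that the jailed process no longer holds the root privileges a second chroot would need: acquire descriptors first, chroot, then drop root permanently. The function names, the uid/gid 65534 and the default jail path /var/empty are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Enter the jail at dir and permanently give up root. Returns 0 on success,
 * -1 on any failure (errno set); on failure the caller must not continue. */
int jail_and_drop(const char *dir, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) { errno = EINVAL; return -1; } /* must be unprivileged */
    if (chdir(dir) != 0) return -1;          /* move inside the new root first */
    if (chroot(".") != 0) return -1;         /* fails with EPERM unless root */
    if (chdir("/") != 0) return -1;          /* cwd is now the jail's root */
    if (setgroups(0, NULL) != 0) return -1;  /* drop supplementary groups */
    if (setgid(gid) != 0) return -1;         /* group first, while still root */
    if (setuid(uid) != 0) return -1;         /* sets real, effective, saved uid */
    if (setuid(0) == 0) { errno = EPERM; return -1; } /* root must be gone */
    return 0;
}

/* Child opens a descriptor outside the jail, jails itself, then checks reach.
 * Returns 0 = jailed and contained, 1 = could not jail (e.g. not root),
 * 2 = jailed but containment check failed, -1 = fork/wait error. */
int jail_selftest(const char *jail, const char *outside_file)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        int fd = open(outside_file, O_RDONLY);          /* before chroot */
        if (fd < 0 || jail_and_drop(jail, 65534, 65534) != 0) _exit(1);
        char c;
        int by_fd = read(fd, &c, 1) >= 0;               /* carried fd still works */
        int by_path = open(outside_file, O_RDONLY) >= 0; /* the path must not */
        _exit(by_fd && !by_path ? 0 : 2);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(int argc, char **argv)
{
    int r = jail_selftest(argc > 1 ? argv[1] : "/var/empty", "/etc/passwd");
    printf("selftest result: %d\n", r);
    return r == 2 ? EXIT_FAILURE : EXIT_SUCCESS;
}
```

Run as root, the self-test child reads from the descriptor it opened before the chroot but can no longer open the same file by path; run as an ordinary user it reports 1 because chroot is refused.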


Most Unixes are not completely file system-oriented and leave potentially disruptive functionality like networking and process control available through the system call interface to a chrooted program.


The chroot mechanism in itself also does not impose any limits on resources like I/O bandwidth, disk space or CPU time.


References

  • FreeBSD chroot(2) and chroot(8) manual pages.

External links

  • Jailkit: A set of utilities to build chroot environments.
  • Article "Setting up a Chroot Jail for CVS" by Frank Schoep

The Wikipedia article included on this page is licensed under the GFDL.
All other elements are (c) copyright NationMaster.com 2003-5. All Rights Reserved.