ubuntu chroot environment | What is chroot?

What is chroot?

chroot (short for "change root") is a Unix/Linux command that changes the apparent root directory for a process and its children. This creates a "chroot jail", isolating processes from the rest of the system.

Why use chroot?

1. Security – Restricts users or processes to a specific directory, preventing access to critical system files.
2. Testing/Development – Run software in a controlled environment without affecting the main system.
3. System Recovery – Mount a damaged system and fix it using a live Linux environment.
4. SFTP/SSH Restriction – Limit SSH/SFTP users to their home directories for security.

Setup of chroot Environment

1. change to root user 

   sudo su -

2. Add user 

   adduser <username>

3. Setting up open-ssh

   To install the OpenSSH server application, and related support files, use this command at a terminal prompt:

   sudo apt install openssh-server

    

   nano /etc/ssh/sshd_config

   • Find the line

     #chrootDirectory
     #Subsystem

   • Then change

     Match User * ,!<username>
     	ChrootDirectory %h

     • note: * means all user (wildcard) & ! means exclude

        

4. Change the ownership

   chown root:root /home/<username Directory>
   chmod 755 /home/<username Directory>

5. Setup interactive shell for ssh chroot jail

   1. First create bin folder into user directory

      mkdir -p /home/<user>/bin

   2. Then, copy main bin/bash into bin inter user

      cp -v /bin/bash /home/<user>/bin/

6. Setup interactive session

   ls -l /dev/{null,zero,stdin,stdout,stderr,random,tty}

   output: 

   

   Then

   1. mkdir -p /home/<username>/dev/
      cd /home/<username>/dev/

   2. mknod -m 666 null c 1 3
      mknod -m 666 tty c 5 0
      mknod -m 666 zero c 1 5
      mknod -m 666 random c 1 8
      

7.  Identify bash required shared lib & lib64

   ldd /bin/bash

   note: see location of bash file 

   output

   

   mkdir -p /home/<username>/lib
   mkdir -p /home/<username>/lib64
   mkdir -p /home/<username>/lib/x86_64-linux-gnu

   Then copy all file related with bash file lib

   cp -v /lib/x86_64-linux-gnu/{filename} /home/<username>/lib/x86_64-linux-gnu/
   cp -v /lib64/{filename} /home/<username>/lib64/

    

8. Install few user command into bin folder 

   cp -v /bin/ls /home/<username>/bin/

   then try the step 7 for ls command 

   ldd /bin/ls

Some important cli for chroot

          bash, ls , mkdir , chown, chmod