What is the chroot command and why is it important to the security of a system?

The chroot command stands for ‘change root’. This command allows a system administrator to set up a restricted section of the filesystem for users to use (commonly called a ‘chroot jail’). This filesystem appears to the user to be the complete filesystem, but in reality it is merely a subdirectory of the ‘real’ filesystem, containing just those commands and directories that the system administrator wishes the user to have access to.

Although the UNIX permissions model is a tried and true one, it is still fraught with enough complications that few system administrators would feel comfortable with strange users roaming through their machines. Chroot gives them the ability to grant access to certain users, but to limit that access in such a restrictive way that the user cannot access something the administrator does not want them to access.

Chroot is also commonly used when running system services. Most UNIX system services run as the root user. This makes these services extremely vulnerable to buffer overflow attacks. If a “buffer overflow attack” succeeds, the attacker will be left with a shell on the system that has inherited the permissions of the service owner (in this case, root). However, if the service is run in its own chroot jail, the damage caused by these kinds of attacks is greatly minimized, because the attacker is left with an extremely limited shell as opposed to their entire filesystem.

Relevance Read:

• Search Many Files and Print
• Finding Out The Last Modified Time For Files
• Unix Commands for Finding Files
• Show Difference Between Two Files
• Displaying Tabs In A File

Return to : - Unix System Administration Hints and Tips