chroot(1M) chroot(1M)
NAME
chroot - change root directory for a command
SYNOPSIS
chroot newroot command
DESCRIPTION
chroot causes the given command to be executed relative to the new root,
newroot. The meaning of any initial slashes (/) in the pathnames is
changed for the command and any of its child processes to newroot.
Furthermore, upon execution, the initial working directory is newroot.
If you redirect the output of the command to a file:
     chroot newroot command > x
the file x is created relative to the original root of the command, not
the new one, because the invoking shell opens x before chroot runs.
The new root pathname is always relative to the current root; even if a
chroot is currently in effect, the newroot argument is relative to the
current root of the running process.
This command can be run only by the superuser.
In order to execute programs that use shared libraries, the following
directories and their contents must be present in the new root directory.
/lib and /lib32
     These directories must contain the run-time loader (/lib/rld
     and/or /lib32/rld) and any shared object files needed by
     your applications (usually including libc.so.1). That means
     libc.so.1 must normally be in /lib, with a symlink in /usr/lib
     to ../../lib/libc.so.1 (and often the same for /usr/lib32, to
     ../../lib32/libc.so.1).
/dev The run-time loader needs the zero device in order to work
     correctly. /dev/zero is also needed; make it read-only (mode
     444).
A chroot can also be put in effect when users log in by prefixing the
shell field of their password entry with a *. See the passwd(4) man page
for more information.
SEE ALSO
cd(1), chroot(2), ftpd(1M) (for more comments on issues in setting up
chroot'ed environments), passwd(4)
NOTES
Exercise extreme caution when referencing device files in the new root
filesystem.
When using chroot with commands that are dynamically linked, all of the
required libraries must be in the chroot'ed environment. The system will
usually log a message in /var/adm/SYSLOG if some libraries or rld are not
found.
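The shared-library requirements in the description and the device-file caution in NOTES can be checked before any command is run in the new root. The sh function below is an added example, not part of the original man page; the name audit_chroot and its messages are hypothetical, and it treats the items the page calls usual (libc.so.1 and its /usr/lib symlink) as required.

```shell
#!/bin/sh
# Added example (not from the man page): audit a prospective new root
# against the requirements listed on this page. Names are illustrative.
# usage: sh audit_chroot.sh /path/to/newroot

audit_chroot() {
    root=$1
    problems=0
    fail() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

    [ -d "$root" ] || { fail "$root is not a directory"; return 1; }

    # Run-time loader: lib/rld and/or lib32/rld must exist under the new root.
    if [ ! -f "$root/lib/rld" ] && [ ! -f "$root/lib32/rld" ]; then
        fail "no run-time loader (lib/rld or lib32/rld)"
    fi

    # For each loader present: libc.so.1 beside it, plus the relative
    # symlink usr/<dir>/libc.so.1 -> ../../<dir>/libc.so.1.
    for d in lib lib32; do
        [ -f "$root/$d/rld" ] || continue
        [ -f "$root/$d/libc.so.1" ] || fail "$d/libc.so.1 missing"
        link=$root/usr/$d/libc.so.1
        target=
        if [ -h "$link" ]; then
            target=$(ls -l "$link" | sed 's/.* -> //')
        fi
        [ "$target" = "../../$d/libc.so.1" ] ||
            fail "usr/$d/libc.so.1 is not a symlink to ../../$d/libc.so.1"
    done

    # dev/zero must be a character device, read-only (mode 444).
    zero=$root/dev/zero
    if [ ! -c "$zero" ]; then
        fail "dev/zero missing or not a character device"
    else
        perm=$(ls -ld "$zero" | cut -c2-10)
        [ "$perm" = "r--r--r--" ] || fail "dev/zero mode is $perm, want 444"
    fi

    # NOTES urge caution with device files: report any node besides zero.
    if [ -d "$root/dev" ]; then
        extra=$(find "$root/dev" \( -type b -o -type c \) ! -name zero -print)
        [ -z "$extra" ] || fail "review device nodes:" $extra
    fi

    [ "$problems" -eq 0 ]
}

[ "$#" -eq 0 ] || audit_chroot "$1"
```

The function returns non-zero when anything is reported, so it can gate a setup script before chroot is invoked.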