Shulou(Shulou.com)06/02 Report--

Chroot, or change root directory (change the root directory). In linux systems, the default directory structure starts with /, that is, with the root. After using chroot, the directory structure of the system will take the specified location as the / location.

Basic grammar

Chroot NEWROOT [COMMAND [ARG]...]

For specific usage, please refer to demo in this article.

Why use the chroot command

It increases the security of the system and limits the rights of users:

After chroot, the root structure and files of the old system will not be accessed under the new root, thus enhancing the security of the system. Chroot is generally applied before the user logs in to control the user's access ability within a certain range.

Establish a system directory structure isolated from the original system to facilitate user development:

After using chroot, the system reads the directories and files under the new root, which is a directory structure that is not related to the files under the root of the original system. In this new environment, it can be used to test the static compilation of the software and some independent development that is not related to the system.

Switch the root location of the system, boot the Linux system and the first aid system, etc.

The function of chroot is to switch the root location of the system, which is most obviously used in the processing of the initial boot disk of the system, switching the root location of the system from the initial RAM disk (initrd) and executing the real init. The last demo of this article will describe this usage in detail.

Run the busybox tool through chroot

Busybox contains a wealth of tools that we can put in a directory and build a mini system through chroot. For simplicity, we directly use docker's busybox image to mirror the packaged file system. First create a directory rootfs under the current directory:

$mkdir rootfs

Then release the files in the busybox image to this directory:

$(docker export $(docker create busybox) | tar-C rootfs-xvf -)

View the contents of the rootfs folder through the ls command:

$ls rootfs

Everything is ready, let's get started!

Execute the ls command after chroot

$sudo chroot rootfs / bin/ls

Run the pwd command after chroot

$sudo chroot rootfs / bin/pwd

Ha, the pwd command really takes the rootfs directory as the root directory!

Execute chroot without command

$sudo chroot rootfs

I made a mistake this time because / bin/bash could not be found. We know that bash is not included in busybox, but why does the chroot command look for the bash command? It turns out that if you don't specify a command to execute for chroot, by default it will execute'${SHELL}-iTunes, whereas on my system ${SHELL} is / bin/bash.

Since there is no bash in busybox, we have to specify / bin/sh to execute shell.

$sudo chroot rootfs / bin/sh

There is no problem running sh, and we have printed out the PID of the current process.

Check whether the program is running in the chroot environment

Although we have done several experiments, some friends are bound to wonder, how can we prove that the command we are running is in the path behind the chroot directory?

In fact, we can check the root directory of the process through the files under the / proc directory. For example, we can check the root directory of the / bin/sh command running above with the following code (please execute in another shell):

$pid=$ (pidof-s sh) $sudo ls-ld / proc/$pid/root

The output clearly indicates that the root directory of the process with PID 46644 is mapped to the / tmp/rootfs directory.

Understand chroot commands through code

Let's try to implement a chroot program ourselves. The code involves two functions, the chroot () function and the chdir () function. In fact, the real chroot command is also implemented by calling them:

# include # include # include int main (int argc, char * argv []) {if (argc)

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.