How to use the Linux system chroot command

2025-01-18 Update From: SLTechnology News&Howtos

Shulou(Shulou.com) 06/01

This article explains how to use the chroot command of the Linux system. The editor finds it very practical and shares it here for reference. I hope you gain something from reading it.

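Introduction to chroot

chroot is both a command and a system call on Linux.

The function of chroot is to change the root directory of the current environment to a given folder; everything outside this folder is invisible to the current environment.

So if you are running untrusted code or programs, using chroot as a security sandbox is a good choice. The restriction applies to path lookup only: a process that keeps root privileges inside the new root is not confined by it, so the untrusted program should run as an unprivileged user.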

Why use chroot

After chroot, the directories and files read by the system are no longer those under the old system root but those under the new root (that is, the newly specified location), so the benefits it brings are roughly as follows:

It increases the security of the system and limits the power of users.

After chroot, the root structure and files of the old system cannot be accessed from under the new root, which enhances the security of the system. This is generally done by using chroot before login so that users cannot access certain files.

Establish a system directory structure isolated from the original system to facilitate user development.

After using chroot, the system reads the directories and files under the new root, which is a directory structure unrelated to the files under the root of the original system. This new environment can be used to test statically compiled software and to do independent development that is unrelated to the system.

Switch the root location of the system, boot the Linux system and the rescue system, etc.

The role of chroot is to switch the root location of the system, and this is most evident in the handling of the initial boot disk: the root is switched away from the initial RAM disk (initrd) and the real init is executed. In addition, when the system has problems, we can also use chroot to switch to a temporary system.
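For the first of these benefits, a check worth running on any directory that will serve as a new root, shown as an added example that is not part of the original article. The function name `audit_root` is an assumption for illustration; it flags contents that would let a confined user gain privilege or bypass the new root.

```shell
#!/bin/sh
# Added example (not from the article); audit_root is an illustrative name.
#
# audit_root ROOT
# Report contents of a prepared new root that weaken its use as a sandbox.
# Returns 0 for a clean tree, 1 when something was found, 2 on bad input.
audit_root() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root"; return 2; }
    # setid:    set-user-ID / set-group-ID programs let a confined user gain
    #           privilege inside the new root, and chroot does not confine
    #           a privileged process.
    # device:   block and character device nodes reach disks and memory
    #           without any path lookup under the new root.
    # writable: anything writable by group or others may be replaceable by
    #           the confined user (symlinks are skipped, their mode is unused).
    findings=$(
        find "$root" -type f \( -perm -4000 -o -perm -2000 \) -print |
            sed 's/^/setid: /'
        find "$root" \( -type b -o -type c \) -print |
            sed 's/^/device: /'
        find "$root" ! -type l \( -perm -0020 -o -perm -0002 \) -print |
            sed 's/^/writable: /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

On a clean tree, the chroot from GNU coreutils can then start the command under an unprivileged account with its `--userspec=USER:GROUP` option.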

The use of chroot

To better understand the role of chroot, we will try switching root to a specific location. However, after chroot, bin/ and the other system-related directories read by the system are no longer those under the old system root but the directory structure and files under the new root, so we need to prepare some directory structure and the necessary files.

Listing 1. Directory structure to be switched

    $ pwd
    /home/wstone/Build/work
    $ tree .
    .
    |-- bin
    |   |-- ash -> busybox
    |   |-- bash
    |   `-- busybox
    |-- etc
    `-- newhome

Busybox

Busybox is called the Swiss Army knife of embedded Linux. Busybox contains many useful commands, such as cat, find, etc., but its size is very small.

A statically compiled busybox is used to provide the necessary commands. Static compilation is used only to avoid copying dynamic library files. Of course, we can also copy commands from the old system into the new directory structure, but those commands are usually dynamically linked, which means we have to copy the relevant dynamic library files into the corresponding directory structure as well. Also, the bash here is not a real Bourne Again shell, but a shell script that executes ash. Listing 2 shows the use of the chroot command on the old system. Note that using chroot requires the relevant operation permissions.
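The preparation described above, as an added example that is not part of the original article: a POSIX shell sketch that builds the Listing 1 layout and, for the dynamically linked case, also mirrors the shared libraries that `ldd` reports. The function names `copy_with_libs` and `build_root` and the paths passed to them are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the article): build the Listing 1 layout.
# copy_with_libs and build_root are illustrative names.

# copy_with_libs ROOT BINARY
# Copy BINARY into ROOT/bin together with the shared libraries it needs.
# Run ldd only on binaries you trust; it may execute code from the file.
copy_with_libs() {
    root=$1 bin=$2
    mkdir -p "$root/bin"
    cp "$bin" "$root/bin/" || return 1
    # Every absolute path in ldd's output is a library or the dynamic loader.
    # A static binary (like the article's busybox) yields none, so the loop
    # is skipped and nothing else has to be copied.
    ldd "$bin" 2>/dev/null | tr ' \t' '\n\n' | grep '^/' | sort -u |
    while read -r lib; do
        [ -e "$lib" ] || continue
        mkdir -p "$root$(dirname "$lib")"
        cp -L "$lib" "$root$lib"    # -L copies the file a symlink points to
    done
}

# build_root ROOT SHELL_BINARY
# SHELL_BINARY plays the role of busybox in Listing 1.
build_root() {
    root=$1 shell_bin=$2
    mkdir -p "$root/bin" "$root/etc" "$root/newhome"
    copy_with_libs "$root" "$shell_bin" || return 1
    ln -sf "$(basename "$shell_bin")" "$root/bin/ash"   # ash -> busybox
    # As in the article, "bash" is only a script that executes ash.
    printf '#!/bin/ash\nexec /bin/ash "$@"\n' > "$root/bin/bash"
    chmod 755 "$root/bin/bash"
}

# Example (chroot itself needs root):
#   build_root ./work /bin/busybox && chroot ./work /bin/ash
```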

Listing 2. The use of chroot located in the system

We can see that the current path (/home/wstone/Build/work/) changes to the / directory after chroot, and that the system-related directory structure is read from the new root. The ls command failed because the test directory structure we created does not contain an ls command, but we successfully used the ls in busybox. What we have seen above is only one way to use chroot. In fact, there are two standard ways to use chroot (the chroot provided by Coreutils, the GNU core utilities):

Listing 3. Two standard ways of using chroot

    [1] chroot NEWROOT [COMMAND...]
    [2] chroot OPTION

We just used method [2]. By default this executes /bin/sh when no environment is given, but when the environment is given it runs ${SHELL} -i, that is, the same interactive shell as in the environment. sh is not included in our directory structure, so the chroot in Listing 2 obviously ran ${SHELL} -i. Of course, we can also specify the command we need when switching, that is, use method [1].

Listing 4. Another way of using chroot

    # chroot . /bin/ash
    #

In Listing 4, we try to execute the ash shell under the new directory structure after chroot. It has to be said that if the directory structure and files under the new root are well prepared, a new, simple Linux system is ready to use. In fact, chroot is more commonly used in the initial RAM disk (initrd) to execute the system's init. Listing 5 shows the use of chroot in the Linux 2.4 kernel initrd.

Listing 5. Example of using chroot in Linux 2.4 kernel initrd

    mount /dev/hda1 /new-root
    cd /new-root
    pivot_root . old-root
    exec chroot . /sbin/init <dev/console >dev/console 2>&1
    umount /old-root

Because of upgrades to the Linux kernel, the initrd processing mechanism and format have changed. pivot_root can no longer be used in the Linux 2.6 kernel initrd, so chroot is generally no longer used either; instead, the switch_root provided by busybox or the run-init provided by klibc is used to switch the root directory. (This is not to say that chroot cannot be used in the Linux 2.6 kernel initrd; switch_root or run-init is chosen only out of habit and convenience.) In essence, though, they only wrap the functionality of chroot to make switching the root directory easier.

Listing 6. The use of chroot in Linux 2.6 kernel initrd

    find -xdev / -exec rm '{}' ';'
    cd /newmount; mount --move . /; chroot .

switch_root and run-init perform functions similar to those in Listing 6: they remove all the contents of rootfs to free up space, then mount and switch to the new root file system. The chroot command is also available in busybox and klibc, but it differs slightly in functionality from the chroot included in Coreutils (GNU core utilities).

What is the Linux system

Linux is a free-to-use, freely distributed UNIX-like operating system. It is a POSIX-based multi-user, multi-tasking, multi-threaded, multi-CPU operating system that can run the major Unix tools, applications and network protocols.

The above is how to use the chroot command of the Linux system. The editor believes it covers points that we may see or use in daily work. I hope you can learn more from this article.
