chroot(1M)

NAME
     chroot - change root directory for a command

SYNOPSIS
     chroot newroot command

DESCRIPTION
     chroot causes the given command to be executed relative to the new
     root, newroot. The meaning of any initial slashes (/) in the pathnames
     is changed for the command and any of its child processes to newroot.
     Furthermore, upon execution, the initial working directory is newroot.

     If you redirect the output of the command to a file:

          chroot newroot command > x

     chroot creates the file x relative to the original root of the
     command, not the new one.

     The new root pathname is always relative to the current root; even if
     a chroot is currently in effect, the newroot argument is relative to
     the current root of the running process.

     This command can be run only by the superuser.

CAVEAT
     In order to execute programs that use shared libraries, the following
     directories and their contents must be present in the new root
     directory.

     /lib and /lib32
          These directories must contain the run-time loader (/lib/rld
          and/or /lib32/rld) and any shared object files needed by your
          applications (usually including libc.so.1). That means it must
          normally be in /lib and a symlink in /usr/lib to
          ../../lib/libc.so.1 (and often the same for /usr/lib32 to
          ../../lib32/libc.so.1).

     ./dev
          The run-time loader needs the zero device in order to work
          correctly. /dev/zero is also needed; make it readonly (mode 444).

     A chroot can also be accomplished when users log in by prefixing the
     shell field of their password entry with a *. See the passwd(4) man
     page for more info.

SEE ALSO
     cd(1), chroot(2), ftpd(1M) (for more comments on issues in setting up
     chroot'ed environments), passwd(4)

NOTES
     Exercise extreme caution when referencing device files in the new root
     filesystem.

     When using chroot with commands that are dynamically linked, all of
     the libraries required must be in the chroot'ed environment. The
     system will usually log a message in /var/adm/SYSLOG if some libraries
     or rld are not found.
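
The following is an added example, not part of the original manual page: a shell function that audits a prospective new root against the CAVEAT and NOTES sections before chroot is run. The function name audit_newroot and the MISSING/WARN output format are assumptions made for illustration.

```sh
#!/bin/sh
# audit_newroot DIR  (hypothetical helper, not a system command)
# Prints one line per finding; prints nothing when the tree passes.
audit_newroot() {
    root=$1
    # CAVEAT: the run-time loader must exist as lib/rld and/or lib32/rld.
    if [ ! -f "$root/lib/rld" ] && [ ! -f "$root/lib32/rld" ]; then
        echo "MISSING run-time loader (lib/rld or lib32/rld)"
    fi
    for d in lib lib32; do
        if [ -f "$root/$d/rld" ]; then
            # libc.so.1 normally lives beside the loader ...
            [ -f "$root/$d/libc.so.1" ] || echo "MISSING $d/libc.so.1"
            # ... with a symlink under usr/ that resolves inside the new
            # root (-e fails on a dangling link).
            [ -e "$root/usr/$d/libc.so.1" ] ||
                echo "WARN usr/$d/libc.so.1 absent or dangling"
        fi
    done
    # CAVEAT: dev/zero must be a character device, mode 444.
    z=$root/dev/zero
    if [ ! -c "$z" ]; then
        echo "MISSING dev/zero (character device)"
    elif [ -n "$(find "$z" ! -perm 444)" ]; then
        echo "WARN dev/zero is not mode 444"
    fi
    # NOTES: every other device node inside the new root needs review,
    # since it gives the confined command access to that device.
    find "$root" \( -type b -o -type c \) ! -path "$root/dev/zero" |
        while read -r n; do
            echo "WARN device node: ${n#"$root"/}"
        done
}

# Stand-alone use: sh audit.sh /path/to/newroot
if [ $# -gt 0 ]; then
    audit_newroot "$1"
fi
```

Creating the real dev/zero node requires the superuser, so an unprivileged dry run of a staged tree reports it as MISSING until the node is made.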