Visit The New, Modern Unix Linux Community

Linux and UNIX Man Pages

Test Your Knowledge in Computers #905
Difficulty: Easy
Generally speaking, Unix systems are commercial, closed source and propriety operating systems so it is expensive to customize for supercomputing projects. Linux, on the other hand, is free and easier to customize.
True or False?
Linux & Unix Commands - Search Man Pages

chroot(2) [freebsd man page]

CHROOT(2)						      BSD System Calls Manual							 CHROOT(2)

NAME
chroot -- change root directory LIBRARY
Standard C Library (libc, -lc) SYNOPSIS
#include <unistd.h> int chroot(const char *dirname); DESCRIPTION
The dirname argument is the address of the pathname of a directory, terminated by an ASCII NUL. The chroot() system call causes dirname to become the root directory, that is, the starting point for path searches of pathnames beginning with '/'. In order for a directory to become the root directory a process must have execute (search) access for that directory. It should be noted that chroot() has no effect on the process's current directory. This call is restricted to the super-user. Depending on the setting of the 'kern.chroot_allow_open_directories' sysctl variable, open filedescriptors which reference directories will make the chroot() fail as follows: If 'kern.chroot_allow_open_directories' is set to zero, chroot() will always fail with EPERM if there are any directories open. If 'kern.chroot_allow_open_directories' is set to one (the default), chroot() will fail with EPERM if there are any directories open and the process is already subject to the chroot() system call. Any other value for 'kern.chroot_allow_open_directories' will bypass the check for open directories RETURN VALUES
Upon successful completion, the value 0 is returned; otherwise the value -1 is returned and the global variable errno is set to indicate the error. ERRORS
The chroot() system call will fail and the root directory will be unchanged if: [ENOTDIR] A component of the path name is not a directory. [EPERM] The effective user ID is not the super-user, or one or more filedescriptors are open directories. [ENAMETOOLONG] A component of a pathname exceeded 255 characters, or an entire path name exceeded 1023 characters. [ENOENT] The named directory does not exist. [EACCES] Search permission is denied for any component of the path name. [ELOOP] Too many symbolic links were encountered in translating the pathname. [EFAULT] The dirname argument points outside the process's allocated address space. [EIO] An I/O error occurred while reading from or writing to the file system. SEE ALSO
chdir(2), jail(2) HISTORY
The chroot() system call appeared in 4.2BSD. It was marked as ``legacy'' in Version 2 of the Single UNIX Specification (``SUSv2''), and was removed in subsequent standards. BUGS
If the process is able to change its working directory to the target directory, but another access control check fails (such as a check for open directories, or a MAC check), it is possible that this system call may return an error, with the working directory of the process left changed. SECURITY CONSIDERATIONS
The system have many hardcoded paths to files where it may load after the process starts. It is generally recommended to drop privileges immediately after a successful chroot call, and restrict write access to a limited subtree of the chroot root, for instance, setup the sand- box so that the sandboxed user will have no write access to any well-known system directories. BSD
January 3, 2012 BSD

Check Out this Related Man Page

CHROOT(2)						      BSD System Calls Manual							 CHROOT(2)

NAME
chroot -- change root directory LIBRARY
Standard C Library (libc, -lc) SYNOPSIS
#include <unistd.h> int chroot(const char *dirname); int fchroot(int fd); DESCRIPTION
dirname is the address of the pathname of a directory, terminated by an ASCII NUL. chroot() causes dirname to become the root directory, that is, the starting point for path searches of pathnames beginning with '/'. In order for a directory to become the root directory a process must have execute (search) access for that directory. If the current working directory is not at or under the new root directory, it is silently set to the new root directory. It should be noted that, on most other systems, chroot() has no effect on the process's current directory. This call is restricted to the super-user. The fchroot() function performs the same operation on an open directory file known by the file descriptor fd. RETURN VALUES
Upon successful completion, a value of 0 is returned. Otherwise, a value of -1 is returned and errno is set to indicate an error. ERRORS
chroot() will fail and the root directory will be unchanged if: [ENOTDIR] A component of the path name is not a directory. [ENAMETOOLONG] A component of a pathname exceeded {NAME_MAX} characters, or an entire path name exceeded {PATH_MAX} characters. [ENOENT] The named directory does not exist. [EACCES] Search permission is denied for any component of the path name. [ELOOP] Too many symbolic links were encountered in translating the pathname. [EFAULT] dirname points outside the process's allocated address space. [EIO] An I/O error occurred while reading from or writing to the file system. [EPERM] The effective user ID of the calling process is not the super-user. fchroot() will fail and the root directory will be unchanged if: [EACCES] Search permission is denied for the directory referenced by the file descriptor. [EBADF] The argument fd is not a valid file descriptor. [EIO] An I/O error occurred while reading from or writing to the file system. [ENOTDIR] The argument fd does not reference a directory. [EPERM] The effective user ID of the calling process is not the super-user. SEE ALSO
chdir(2) STANDARDS
The chroot() function conforms to X/Open System Interfaces and Headers Issue 5 (``XSH5''), with the restriction that the calling process' working directory must be at or under the new root directory. Otherwise, the working directory is silently set to the new root directory; this is an extension to the standard. chroot() was declared a legacy interface, and subsequently removed in IEEE Std 1003.1-2001 (``POSIX.1''). HISTORY
The chroot() function call appeared in 4.2BSD. Working directory handling was changed in NetBSD 1.4 to prevent one way a process could use a second chroot() call to a different directory to "escape" from the restricted subtree. The fchroot() function appeared in NetBSD 1.4. BSD
April 18, 2001 BSD

Featured Tech Videos