How to Use Chroot in Linux and Fix Your Crashed System

Chroot is a Linux/Unix utility that changes the root directory that a process sees. With the help of chroot, you can easily create an isolated filesystem inside your main filesystem. Chroot is particularly useful for separating your work and home environments, or when you want a test environment to try out software in isolation.

Difference Between Chroot and Virtual Machine

At first glance, you can think of chroot as similar to a virtual machine or a containerized system like Docker. It is somewhat similar, but chroot is a much lighter solution than a virtual machine. A virtual machine needs a hypervisor and runs on its own kernel, separate from the host machine's. Unlike a virtual machine, chroot shares the same kernel and processes, but creates a jail in the filesystem. Inside the jail, it is not possible to look outside without root permission. Hence, the isolated filesystem is also called a chroot jail.

Different Chroot Use Cases

  1. Isolated build environment in the CI/CD pipeline: Chroot is used to create an isolated build environment for applications in the CI/CD pipeline. This allows your app to be built with unique dependencies and is completely isolated from all other build environments to remove potential conflicts.
  2. Separate development and test environment: Often, software that works on the developer’s machine does not work on the end user’s device. This is because the developer has lots of tools and dependencies installed on their system, and most users do not have all of these dependencies on their machines. So, to check whether the software will work on all devices, the developer or tester can easily create a simple vanilla environment using chroot and test the software there.
  3. Reduce developer risk: As developers, we often create programs that interact with our system files without any proper sandboxing. If we make a mistake, our software can easily erase important data from our device. To reduce this type of risk, developers often use chroot to create a new working environment and lower their risk of data loss.
  4. A different version of the same software: Sometimes you need to install a very old or very recent version of some software or dependencies for development purposes. But using such conflicting dependencies can mess up your system. This situation can be easily overcome by using a chroot jail.
  5. Fix a faulty system: If you have a broken system, you can easily fix it using chroot. Simply boot the device into a live Linux environment and mount the filesystem. Using this mount point, you can run different commands to solve your problem. We will talk about this later in the article.
  6. Run an FTP server securely: FTP stands for File Transfer Protocol. Running an FTP server inside a chroot allows you to share only the files you want, so no remote peer can see or access your host filesystem.

Creating a chroot environment

This is a quick guide to creating a chroot environment on your system. You can get detailed information on the Arch Wiki.

  1. To create a chroot environment, create a new directory in your home folder. This folder will hold our isolated filesystem. In this tutorial, I named the folder “mte”.
  2. Next, we’ll create a very minimal Linux environment. We install bash as the shell in the chroot environment, and install ls, rm and touch to list, delete and create files respectively. Now let’s create the required directories in our “mte” directory.
cd ~/mte
mkdir bin
mkdir lib
mkdir lib64
  3. Copy the required binaries from our usual “/bin” directory to our “~/mte” chroot environment.
cp /bin/bash ~/mte/bin
cp /bin/touch ~/mte/bin
cp /bin/ls ~/mte/bin
cp /bin/rm ~/mte/bin
  4. Copying the binaries is not enough. We also need to copy their dependencies to the “mte” folder. To find the required dependencies, we use the ldd command. For example, to list the dependencies of bash, run ldd on “/bin/bash”.

We get this output from the above command.

[Screenshot: ldd output for bash]
  5. Listing these dependencies and copying them one by one would be extremely slow and boring. Therefore, to automate this process, we will use a bash script. Create a file named “copydependancy.sh” and write these shell commands inside.
#!/bin/bash
# Setting the chroot directory ("~" does not expand inside quotes, so use $HOME)
mte="$HOME/mte"

# Ask for the binary name
echo -e "Please enter your binary name\n"

# Reading from terminal input
read -r binaryname

# Listing all the dependencies (library paths ending in a version digit)
list="$(ldd "/bin/$binaryname" | grep -Eo '/lib.*\.[0-9]')"

# Looping through the dependency list and copying each file with its full path
for i in $list; do cp -v --parents "$i" "${mte}"; done

Let’s understand what this script does. First, the shell script asks for the binary name. Then it takes that binary name, finds all the dependencies of that binary and saves them in the list variable. Finally, it runs a for loop over each item in the list and copies each dependency, keeping its directory path, into our “mte” chroot directory.

Save this script elsewhere and refer to it when creating a new chroot environment.

Then change the permission of the script and run it in our terminal.

chmod +x copydependancy.sh
  6. Now that all the dependencies have been copied into the chroot directory, let’s activate our chroot environment. The standard chroot command looks like this.
chroot [OPTION] NEWROOT [COMMAND [ARG]...]

But to fulfill our purpose, we run the following command to activate our chroot environment.

sudo chroot ~/mte /bin/bash

The above command enables a chroot environment in the “~/mte” directory and specifies that a bash shell should run inside it. You can now see a change in your terminal prompt, and you can use the touch, rm and ls commands to create, delete and list files respectively.

To leave the chroot environment, run the exit command.

If you want to completely remove the chroot environment, you can simply remove the “mte” directory from your filesystem.
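The dependency-copy step above, as an added example that is not part of the original article: instead of matching ldd output with a regular expression, it parses each line, so libraries whose names do not end in a digit are kept and a "not found" entry stops the copy. The function names and the sample ldd output are constructed for illustration.

```shell
#!/bin/sh
# Added example: parse ldd output field by field instead of with a regex.
# Note: ldd may execute code from the inspected binary; run it only on
# binaries you trust.

# sample_ldd: constructed ldd output (paths and addresses are made up).
sample_ldd() {
  printf '\tlinux-vdso.so.1 (0x00007ffd3a5f2000)\n'
  printf '\tlibtinfo.so.6 => /lib/x86_64-linux-gnu/libtinfo.so.6 (0x00007f1c2a400000)\n'
  printf '\tlibc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1c2a200000)\n'
  printf '\t/lib64/ld-linux-x86-64.so.2 (0x00007f1c2a600000)\n'
}

# ldd_paths: read ldd output on stdin, print each absolute library path once.
# Returns 1 if any library is reported as "not found".
ldd_paths() {
  awk '
    /=> not found/           { print "missing: " $1 | "cat 1>&2"; bad = 1; next }
    $2 == "=>" && $3 ~ /^\// { if (!seen[$3]++) print $3; next }
    $1 ~ /^\//               { if (!seen[$1]++) print $1 }
    END                      { exit (bad ? 1 : 0) }
  '
}

# copy_deps BINARY NEWROOT: copy BINARY and its libraries into NEWROOT,
# keeping their directory layout (cp --parents is a GNU coreutils option).
copy_deps() {
  cd_bin=$1
  cd_root=$2
  cd_libs=$(ldd "$cd_bin" | ldd_paths) || return 1
  cp --parents "$cd_bin" "$cd_root" || return 1
  [ -n "$cd_libs" ] || return 0   # statically linked: nothing else to copy
  printf '%s\n' "$cd_libs" | while IFS= read -r cd_lib; do
    cp --parents "$cd_lib" "$cd_root" || exit 1
  done
}

# Demo on the constructed sample; prints the three library paths.
sample_ldd | ldd_paths
```

With the “mte” directory from this tutorial, a call would look like `copy_deps /bin/bash "$HOME/mte"`.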

Repair a broken bootloader using Chroot

The most fascinating thing about chroot is that you can get into a broken system and run a command there. Therefore, using chroot, you can easily install a critical update to repair a system or reinstall the entire bootloader to fix the problem.

But for that, you need a live Linux environment. Download a Linux ISO, write it to a USB drive and boot from that drive. This gives you a live environment to work with. Now mount your system partition to work with chroot.

sudo mount -t ext4 /dev/sda /mnt

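Here, replace “/dev/sda” with the name of the system partition you want to work with. Next, bind-mount the live system’s “/dev”, “/dev/pts”, “/proc” and “/sys” into the mounted system so that the grub bootloader can find the information it needs to fix the bootloader problem.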

sudo mount --bind /dev /mnt/dev &&
sudo mount --bind /dev/pts /mnt/dev/pts &&
sudo mount --bind /proc /mnt/proc &&
sudo mount --bind /sys /mnt/sys

Now let’s chroot into the “/mnt” directory and enter the faulty system.

Now install, verify and update the grub bootloader on your system. Be sure to use the correct drive name. Do not copy these commands blindly.

grub-install /dev/sda
grub-install --recheck /dev/sda
update-grub

Then leave the chroot shell using the exit command, as mentioned earlier. Now unmount the bind-mounted directories and then the filesystem itself. Run these commands one after the other, in this order.

sudo umount /mnt/sys &&
sudo umount /mnt/proc &&
sudo umount /mnt/dev/pts &&
sudo umount /mnt/dev &&
sudo umount /mnt

Now restart your PC and unplug the live USB. When the computer boots, your grub bootloader will shine like new and everything should work just fine.

Frequently Asked Questions

Is Chroot secure?

Chroot does not imply security. It was never intended to. For security, you can use SELinux. If you place someone in a chroot directory, they don’t have access to the root filesystem. But that doesn’t mean it makes your system unbreakable. Chroot doesn’t mean less security either. It simply provides security equal to that of your main system. No more, no less.

What are the limitations of Chroot systems?

The chroot system is not intended to protect against intentional modification by the root user. On some systems, chrooted programs can gain sufficient privileges to create their own chroot environment and break out of the chroot jail. Chroot does not mean complete isolation. You can generally do whatever you want in user space. You can access hardware devices, and you can mount and read anything. The one condition is that you do not need to install any other program, because that requires root privileges, which you don’t have.
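A defensive check that follows from these limits, as an added example that is not part of the original article: it lists the items inside a jail directory that hand a process extra privileges or hardware access, namely setuid/setgid files, device nodes and world-writable directories without the sticky bit. The function name `audit_chroot` and the output labels are made up for this example.

```shell
#!/bin/sh
# Added example: audit a chroot directory for files that weaken the jail.

# audit_chroot JAIL: print one finding per line; return 1 if any were found.
audit_chroot() {
  ac_jail=$1
  ac_findings=$(
    # setuid/setgid files let a jailed user run code as another user
    find "$ac_jail" -xdev -type f \( -perm -4000 -o -perm -2000 \) |
      sed 's/^/setid: /'
    # block/character device nodes give direct access to hardware
    find "$ac_jail" -xdev \( -type b -o -type c \) |
      sed 's/^/device node: /'
    # world-writable directories without the sticky bit
    find "$ac_jail" -xdev -type d -perm -0002 ! -perm -1000 |
      sed 's/^/world-writable dir: /'
  )
  [ -z "$ac_findings" ] && return 0
  printf '%s\n' "$ac_findings"
  return 1
}

# Run against a directory given on the command line, e.g. "$HOME/mte".
if [ $# -gt 0 ]; then
  audit_chroot "$1"
fi
```

The `-xdev` option keeps find on the jail's own filesystem, so bind mounts such as “/proc” or “/dev” inside the jail are not descended into.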

Why is chroot called a jail?

Chroot is called a jail because it locks you in an isolated environment. You can do whatever you want inside this jail, but you can’t get out of it without root user permission. Also, you have a limited number of utilities provided by the root user and you cannot install anything by yourself. Because of all these restrictions, it’s called a chroot jail.
