77 lines
2.2 KiB
Plaintext
77 lines
2.2 KiB
Plaintext
.nr X
|
|
.if \nX=0 .ds x} chroot 1M "System Administration Utilities" "\&"
|
|
.TH \*(x}
|
|
.SH NAME
|
|
chroot \- change root directory for a command
|
|
.SH SYNOPSIS
|
|
.nf
|
|
\f3chroot\f1 newroot command
|
|
.fi
|
|
.SH DESCRIPTION
|
|
.I chroot
|
|
causes the given
|
|
.I command
|
|
to be executed
|
|
relative to the new root,
|
|
.IR newroot .
|
|
The meaning of any initial slashes
|
|
.RB ( / )
|
|
in the pathnames is changed for the command and any of its child processes to
|
|
.IR newroot .
|
|
Furthermore, upon execution, the initial working directory is
|
|
.IR newroot .
|
|
.PP
|
|
If you redirect the output of the command
|
|
to a file:
|
|
.Ex
|
|
\f4chroot \f2newroot command\f4 > \f2x\f1
|
|
.Ee
|
|
.I chroot
|
|
creates the file
|
|
.I x
|
|
relative to the original root of the command, not the new one.
|
|
.PP
|
|
The new root pathname is always relative to the current root; even if a
|
|
.I chroot
|
|
is currently in effect, the
|
|
.I newroot
|
|
argument is relative to the current root of the
|
|
running process.
|
|
.PP
|
|
This command can be run only by the superuser.
|
|
.SH CAVEAT
|
|
In order to execute programs that use shared libraries, the
|
|
following directories and their contents must be present in
|
|
the new root directory.
|
|
.IP "\f2/lib\f1 and \f2/lib32\fP" 13
|
|
These directories must contain the run-time loader (\f2/lib/rld\f1 and/or
|
|
\f2/lib32/rld\fP) and
|
|
any shared object files needed by your applications (usually including
|
|
\f2libc.so.1\f1). That means it must normally be in \f2/lib\fP
|
|
and a symlink in \f2/usr/lib\fP to \f2../../lib/libc.so.1\P (and often
|
|
the same for \f2/usr/lib32\fP to \f2../../lib32/libc.so.1\fP).
|
|
.IP \f2./dev\f1
|
|
The run-time loader needs the zero device in order to work correctly.
|
|
\f2/dev/zero\f1 is also needed; make it readonly (mode 444).
|
|
.PP
|
|
A chroot can also be accomplished when users login by prefixing the
|
|
shell field of their password entry with a
|
|
.BR * ,
|
|
See the
|
|
.BR passwd (4)
|
|
man page for more info.
|
|
.SH SEE ALSO
|
|
cd(1),
|
|
chroot(2),
|
|
ftpd(1m) (for more comments on issues in setting up chroot'ed environments),
|
|
passwd(4)
|
|
.SH NOTES
|
|
Exercise extreme caution when referencing device files
|
|
in the new root filesystem.
|
|
.PP
|
|
When using
|
|
.IR chroot ,
|
|
with commands that are dynmically linked, all of the libraries required must
|
|
be in the chroot'ed environment. The system will usually log a message in
|
|
\f2/var/adm/SYSLOG\fP if some libraries or \f2rld\fP are not found.
|