Setting up a Chroot on Debian

Published on: Wed, Jun 24, 2015 at 4:11 pm EST

This article will teach you how to set up a chroot jail on Debian. I assume that you're using Debian 7.x. If you're running Debian 6 or 8, this may work, but keep in mind that I haven't tested other versions of Debian.

Log into your VPS as the root user. You may also run the commands with sudo.

Step 1: Installing the dependencies

To start off, you'll need to run the following command to install the dependencies, which will be explained later.

apt-get install binutils debootstrap

You'll also need to choose a place to set up the chroot. For this article, we'll use the /var/chroot directory.

Step 2: Creating the required directories

Make the chroot folder.

mkdir -p /var/chroot

Great! The preliminary steps have been completed. Now, let's make the chroot useful.

Step 3: Copying over commands and their dependencies

We need a command interpreter, so let's copy bash.

mkdir -p /var/chroot/bin
cp /bin/bash /var/chroot/bin

Every program has its own dependencies, and bash is no exception. Take a look at them by running:

ldd /bin/bash

It should look like this if you're running a 32-bit version:

linux-gate.so.1 =>  (0xb773e000)
libtinfo.so.5 => /lib/i386-linux-gnu/libtinfo.so.5 (0xb7718000)
libdl.so.2 => /lib/i386-linux-gnu/libdl.so.2 (0xb7714000)
libc.so.6 => /lib/i386-linux-gnu/libc.so.6 (0xb75c3000)
/lib/ld-linux.so.2 (0xb773f000)

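Let's copy these files over. If you see different dependencies, just copy over the path after the => part. The last line, /lib/ld-linux.so.2, is the dynamic loader: it has no => part, but it must be copied as well, or bash will not start inside the chroot. linux-gate.so.1 has no path because the kernel provides it, so there is nothing to copy for it.

mkdir -p /var/chroot/lib
mkdir -p /var/chroot/lib/i386-linux-gnu
cp /lib/i386-linux-gnu/libtinfo.so.5 /var/chroot/lib/i386-linux-gnu
cp /lib/i386-linux-gnu/libdl.so.2 /var/chroot/lib/i386-linux-gnu
cp /lib/i386-linux-gnu/libc.so.6 /var/chroot/lib/i386-linux-gnu
# The dynamic loader from the last line of the ldd output
cp /lib/ld-linux.so.2 /var/chroot/lib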

Step 4: Testing the environment

Now that we have bash set up, let's test it.

chroot /var/chroot

The bash command interpreter will open, but there won't be any other commands to run. This is because we haven't copied any other programs over to the chroot folder. If you want more commands, type exit and repeat step 3.
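
Repeating step 3 by hand for every command gets tedious. The script below is an added example, not part of the original article: it parses the ldd output and copies a binary together with all of its libraries, including the dynamic loader, to the same paths inside the chroot. The function names ldd_paths and copy_into_chroot are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original article): automate step 3 for any command.

# Read ldd output on stdin and print the absolute path of every file to copy.
# Matches "name => /path (addr)" lines and the bare loader line
# "/lib/ld-linux.so.2 (addr)". Entries without a path, such as
# linux-gate.so.1 (provided by the kernel), are skipped.
ldd_paths() {
    awk '
        $2 == "=>" && $3 ~ /^\// { print $3; next }
        $1 ~ /^\//               { print $1 }
    '
}

# copy_into_chroot BINARY CHROOT_DIR
# Copies BINARY and its libraries to the same paths under CHROOT_DIR.
# Assumes BINARY is an absolute path and library paths contain no whitespace.
copy_into_chroot() {
    bin=$1
    root=$2
    case $bin in
        /*) ;;
        *) echo "need an absolute path: $bin" >&2; return 1 ;;
    esac
    [ -x "$bin" ] || { echo "not an executable: $bin" >&2; return 1; }
    for f in "$bin" $(ldd "$bin" | ldd_paths); do
        mkdir -p "$root$(dirname "$f")" || return 1
        cp -L "$f" "$root$f" || return 1   # -L: copy the file a symlink points to
    done
}

# Usage: sh copy-to-chroot.sh /bin/ls /var/chroot
if [ "$#" -eq 2 ]; then
    copy_into_chroot "$1" "$2"
fi
```
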

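That's all it takes. You now have a basic chroot set up. You can test commands, jail your users, etc. Note that a chroot only changes the filesystem root: a process that runs as root inside it can escape, so run anything you want confined as an unprivileged user.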

If you want networking in the chroot, you'll need to run the following commands:

mkdir -p /var/chroot/etc
cp /etc/resolv.conf /var/chroot/etc
cp /etc/gai.conf /var/chroot/etc
