Article

Table of Contents
Theme:
Was this article helpful?

1  out of  2 found this helpful

Try Vultr Today with

$50 Free on Us!

Get started now
Want to contribute?

You could earn up to $600 by adding new articles.

Learn more!

Setting up a Chroot on Debian

Last Updated: Wed, Jun 24, 2015
Debian Linux Guides Security

This article will teach you how to setup a chroot jail on Debian. I assume that you're using Debian 7.x. If you're running Debian 6 or 8, this may work, but keep in mind that I haven't tested other versions of Debian.

Log into your VPS as the root user. You may also run the commands with sudo.

Step 1: Installing the dependencies

To start off, you'll need to run the following commands for installation, which will be explained later.

apt-get install binutils debootstrap

You'll also need to choose a place to setup the chroot. For this article, we'll using the /var/chroot directory.

Step 2: Creating the required directories

Make the chroot folder.

mkdir -p /var/chroot

Great! The preliminary steps have been completed. Now, let's make the chroot useful.

Step 3 Copying over commands and their dependencies

We need a command interpreter, so let's copy bash.

mkdir -p /var/chroot/bin

cp /bin/bash /var/chroot/bin

Every program has it's own dependencies, and bash is one of them. Take a look at them by running:

ldd /bin/bash

It should look like this if you're running a 32 bit version:

linux-gate.so.1 =>  (0xb773e000)

libtinfo.so.5 => /lib/i386-linux-gnu/libtinfo.so.5 (0xb7718000)

libdl.so.2 => /lib/i386-linux-gnu/libdl.so.2 (0xb7714000)

libc.so.6 => /lib/i386-linux-gnu/libc.so.6 (0xb75c3000)

/lib/ld-linux.so.2 (0xb773f000)

Let's copy these files over. If you see different dependencies, just copy over the path after the => part.

mkdir -p /var/chroot/lib 

mkdir -p /var/chroot/lib/i386-linux-gnu

cp /lib/i386-linux-gnu/libtinfo.so.5 /var/chroot/lib/i386-linux-gnu

cp /lib/i386-linux-gnu/libdl.so.2 /var/chroot/lib/i386-linux-gnu

cp /lib/i386-linux-gnu/libc.so.6 /var/chroot/lib/i386-linux-gnu

Step 4: Testing the environment

Now that we have bash setup - let's test it.

chroot /var/chroot

The bash command interpreter will open, but there won't be any other commands to run. This is because we haven't copied any other programs over to the chroot folder. If you want more commands, type exit and repeat step 3.

That's all it takes. You now have a basic chroot set up. You can test commands, jail your users, etc.

If you want networking in the chroot, you'll need to run the following commands

mkdir -p /var/chroot/etc

cp /etc/resolv.conf /var/chroot/etc

cp /etc/gai.conf /var/chroot/etc

Want to contribute?

You could earn up to $600 by adding new articles.

Submit your article Request an article