This article will teach you how to setup a chroot jail on Debian. I assume that you’re using Debian 7.x. If you’re running Debian 6 or 8, this may work, but keep in mind that I haven’t tested other versions of Debian.
Log into your VPS as the root user. You may also run the commands with sudo.
Step 1: Installing the dependencies
To start off, you’ll need to run the following commands for installation, which will be explained later.
apt-get install binutils debootstrap
You’ll also need to choose a place to setup the chroot. For this article, we’ll using the
Step 2: Creating the required directories
Make the chroot folder.
mkdir -p /var/chroot
Great! The preliminary steps have been completed. Now, let’s make the chroot useful.
Step 3 Copying over commands and their dependencies
We need a command interpreter, so let’s copy bash.
mkdir -p /var/chroot/bin cp /bin/bash /var/chroot/bin
Every program has it’s own dependencies, and bash is one of them. Take a look at them by running:
It should look like this if you’re running a 32 bit version:
linux-gate.so.1 => (0xb773e000) libtinfo.so.5 => /lib/i386-linux-gnu/libtinfo.so.5 (0xb7718000) libdl.so.2 => /lib/i386-linux-gnu/libdl.so.2 (0xb7714000) libc.so.6 => /lib/i386-linux-gnu/libc.so.6 (0xb75c3000) /lib/ld-linux.so.2 (0xb773f000)
Let’s copy these files over. If you see different dependencies, just copy over the path after the
mkdir -p /var/chroot/lib mkdir -p /var/chroot/lib/i386-linux-gnu cp /lib/i386-linux-gnu/libtinfo.so.5 /var/chroot/lib/i386-linux-gnu cp /lib/i386-linux-gnu/libdl.so.2 /var/chroot/lib/i386-linux-gnu cp /lib/i386-linux-gnu/libc.so.6 /var/chroot/lib/i386-linux-gnu
Step 4: Testing the environment
Now that we have bash setup – let’s test it.
The bash command interpreter will open, but there won’t be any other commands to run. This is because we haven’t copied any other programs over to the chroot folder. If you want more commands, type
exit and repeat step 3.
That’s all it takes. You now have a basic chroot set up. You can test commands, jail your users, etc.
If you want networking in the chroot, you’ll need to run the following commands
mkdir -p /var/chroot/etc cp /etc/resolv.conf /var/chroot/etc cp /etc/gai.conf /var/chroot/etc
Want to contribute?
You could earn up to $300 by adding new articles
Suggest an update
Request an article