chroot Command

Purpose

Changes the root directory of a command.

Syntax

chroot Directory Command

Description

Attention: If special files in the new root directory have different major and minor device numbers than the real root directory, it is possible to overwrite the file system.

The chroot command can be used only by a user operating with root user authority. If you have root user authority, the chroot command changes the root directory to the directory specified by the Directory parameter when performing the Command. The first / (slash) in any path name changes to Directory for the specified Command and any of its children.

The Directory path name is always relative to the current root. Even if the chroot command is in effect, the Directory path name is relative to the current root of the running process.

A majority of programs may not operate properly after the chroot command runs. For example, the commands that use the shared libraries are unsuccessful if the shared libraries are not in the new root file system. The most commonly used shared library is the /usr/ccs/lib/libc.a library.

The ls -l command cannot display user and group names if the /etc/passwd file is out of reach from the current root location. In addition, utilities that depend on localized files (/usr/lib/nls/*) may also be unsuccessful if these files are not in the new root file system. It is your responsibility to ensure that all vital data files are present in the new root file system and that the path names accessing such files are changed as necessary.
Note: Ensure that the /usr/sbin/execerror command is available on the new root file system so that descriptive error messages are returned in the event of a chroot failure. Otherwise, if there is an error, chroot returns Killed and nothing more.
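
The checks described above (shared library, /etc/passwd, /usr/sbin/execerror), written as a preflight script. This is an added example, not part of the AIX documentation, and the function names resolve_in_root and chroot_preflight are hypothetical. It resolves symbolic links the way the chrooted process will, because a plain test -e follows absolute links into the real root and reports files that will not be there after chroot.

```shell
#!/bin/sh
# Added example (not from the AIX documentation). Function names are hypothetical.

# Print the real path that PATH names once ROOT is "/", following symbolic
# links the way the chrooted process will: an absolute link target restarts
# at ROOT, not at the real root. Fails if the path does not exist.
resolve_in_root() (
    root=${1%/} todo=$2 seen= hops=0
    while [ -n "$todo" ]; do
        todo=${todo#/}
        comp=${todo%%/*}                          # next path component
        case $todo in */*) todo=${todo#*/} ;; *) todo= ;; esac
        case $comp in
            ''|.) continue ;;
            ..)   seen=${seen%/*}; continue ;;    # cannot climb above ROOT
        esac
        if [ -L "$root$seen/$comp" ]; then
            hops=$((hops + 1)); [ "$hops" -le 20 ] || exit 1   # link loop
            link=$(ls -ld "$root$seen/$comp"); link=${link#* -> }
            case $link in /*) seen= ;; esac       # absolute target: back to ROOT
            todo=$link${todo:+/$todo}
        else
            seen=$seen/$comp
        fi
    done
    [ -e "$root$seen" ] && printf '%s\n' "$root${seen:-/}"
)

# Check the files this page names, plus any extra paths given (for example
# the command to run). The exit status is the number of missing paths.
chroot_preflight() (
    root=$1; shift; missing=0
    for p in "$@" /usr/ccs/lib/libc.a /etc/passwd /usr/sbin/execerror; do
        if resolve_in_root "$root" "$p" >/dev/null; then
            echo "ok       $p"
        else
            echo "MISSING  $p"; missing=$((missing + 1))
        fi
    done
    exit "$missing"
)

# Usage: sh preflight.sh NEWROOT [PATH...]
if [ "$#" -gt 0 ]; then chroot_preflight "$@"; fi
```
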

Parameters

Item       Description
Command    Specifies a command to run with the chroot command.
Directory  Specifies the new root directory.

Security

Attention RBAC users and Trusted AIX® users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand.

Examples

Attention: The commands in the following examples may depend on shared libraries. Ensure that the shared libraries are in the new root file system before you run the chroot command.
  1. To run the pwd command with the /usr/bin directory as the root file system, enter:
    mkdir /usr/bin/lib
    cp /usr/ccs/lib/libc.a /usr/bin/lib
    cp /usr/lib/libcrypt.a /usr/bin/lib
    chroot /usr/bin pwd
  2. To run a Korn shell subshell with another file system as the root file system, enter:
    chroot /var/tmp /usr/bin/ksh
    This makes the directory name / (slash) refer to the /var/tmp directory for the duration of the /usr/bin/ksh command. It also makes the original root file system inaccessible. The /var/tmp file system must contain the standard directories of a root file system. In particular, the shell looks for commands in the /bin and /usr/bin directories on the /var/tmp file system.

    Running the /usr/bin/ksh command creates a subshell that runs as a separate process from your original shell. Press the END OF FILE (Ctrl-d) key sequence to end the subshell and go back to where you were in the original shell. This restores the environment of the original shell, including the meanings of the . (current directory) and the / (root directory).

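  3. To create a file relative to the original root, not the new one, enter:
    chroot Directory Command > file
    The shell opens file for the redirection before the chroot command runs, so the path name is resolved against the original root.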

Files

Item                      Description
/etc/passwd               Specifies file that contains basic user attributes.
/usr/ccs/lib/libc.a       Specifies the standard I/O library and the standard C library.
/usr/ccs/lib/libcurses.a  Specifies the curses library.
/usr/lib/liblvm.a         Specifies the LVM (Logical Volume Manager) library.
/usr/ccs/lib/libm.a       Specifies the math library.
/usr/lib/libodm.a         Specifies the ODM (Object Data Manager) library.
/usr/sbin/chroot          Contains the chroot command.