The ‘chroot‘ runs a command or an interactive shell from another directory and treats that directory as a root. This process is called as changing root and the new root directory is referred to as “chroot jail”.

The term ‘chroot’ refers to a process of creating a virtualized environment in the Unix operating system, separating it from the main operating system and the directory structure. This process essentially generates a confined space, with its own root directory, to run a software program. This virtual environment runs separately from the main operating system’s root directory. Any other software program running in this environment can only access files within its own directory tree. It cannot access the files outside of that directory tree. This confined virtual environment is always called a “chroot jail”.

The chroot was first utilized in the development of the Unix version 7 in 1979. It was later added to BSD on March 18, 1982. The Computer programmers can use a chroot virtual environment to develop and test the software programs, especially if doing on a production system is too risky. They can also use a chroot virtual environment to run the software programs that have compatibility issues with the computer’s operating system. They can set up the software in the virtual environment, along with the supported libraries and files that are needed to run the software. It is also used by POSIX systems for their FTP servers, to isolate untrusted FTP clients.

The syntax of chroot:


The chroot runs a command with the root directory set to NEWROOT.

Options of chroot:

  • –userspec=USER: GROUP – It specifies the user and group that can be identified by name or numeric ID.
  • –groups=G_LIST – It specifies a supplementary group as g1,g2,..,gN.
  • –help – It displays a help message and exit.
  • –version – It shows an output version information and exit.

If no command is specified, then chroot executes the command ‘${SHELL} -i‘.

By default, this is ‘/bin/sh -i’. This will drop you into a ‘sh’ shell as root in the NEWROOT directory.


Common usage are:

  • Recompiling application in a context other than the machine that hosts the chroot (backport, cross-compiling, …)

  • Update service production by tilting the old service (host machine) to the new (installed in the chroot)
  • Securing a service “chrooted” from the host machine (and vice versa)

Categorized in:

Tagged in: