chroot(1)
Run a command or interactive shell with a different root directory.
Synopsis
chroot [OPTION] NEWROOT [COMMAND [ARG]...]
Description
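chroot changes the root directory for a process and its children to NEWROOT, then executes COMMAND (or an interactive shell if no command is given). All file paths are then resolved relative to this new root, isolating the process from the rest of the filesystem; COMMAND, its shared libraries and any files it opens must therefore exist under NEWROOT.
Commonly used for system recovery, testing software in isolated environments, building containerized applications, and creating lightweight sandboxes. The calling process must have appropriate privileges, typically root. chroot changes only pathname resolution: processes, networking and user IDs are still shared with the host, and a command that keeps root privileges inside the new root is not confined by it, so drop privileges with --userspec when chroot is used as part of a sandbox.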
Common options
| Flag | What it does |
|---|---|
| --userspec=USER:GROUP | Specify user and group (by name or ID) to run the command as after changing root |
| --groups=GROUP1,GROUP2,... | Set supplementary groups for the process |
| --skip-chdir | Do not change to directory / inside the new root |
| -h, --help | Display help message and exit |
| -V, --version | Show version information and exit |
Examples
Start an interactive bash shell with /mnt/backup as the root directory, useful for system recovery:
    sudo chroot /mnt/backup /bin/bash
Execute a PHP script isolated within /var/www, restricting file access to that directory tree (/usr/bin/php and script.php are resolved inside the new root):
    sudo chroot /var/www /usr/bin/php script.php
Start a shell in the chroot as the www-data user and group, reducing privilege escalation risk:
    sudo chroot --userspec=www-data:www-data /home/app /bin/sh
List the root directory contents of the chroot environment without entering an interactive shell:
    sudo chroot /mnt/newroot /bin/ls -la /
Run an application as www-data while staying in the current working directory. GNU chroot permits --skip-chdir only when NEWROOT is the old /, so the root itself stays unchanged and the option is mainly useful together with --userspec or --groups:
    sudo chroot --skip-chdir --userspec=www-data:www-data / /usr/bin/myapp
Run an SSH daemon confined to a jail directory for sandboxed remote access:
    sudo chroot /srv/jail /usr/sbin/sshd -D
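The examples above only work if COMMAND and its shared libraries already exist under NEWROOT. The following is an added example, not part of the original page or of chroot itself: two hypothetical helper functions, jail_populate and jail_audit, that fill a new root and check that nothing in it is group- or world-writable before a --userspec command is started in it.

```shell
#!/bin/sh
# Added example, not from the original page. jail_populate and jail_audit
# are hypothetical helper names.

# jail_populate NEWROOT BINARY...   (BINARY must be an absolute path)
# Copy each binary plus the shared libraries ldd reports into NEWROOT under
# the same absolute paths, so COMMAND resolves after the root change.
# Run ldd on trusted binaries only: some implementations invoke the
# target's loader to list dependencies. Paths with spaces are not handled.
jail_populate() (
    jail=$1; shift
    umask 022    # files and directories created here are owner-writable only
    for bin in "$@"; do
        [ -x "$bin" ] || { echo "not executable: $bin" >&2; exit 1; }
        # Keep every absolute path in ldd's output (libraries, ELF loader).
        # For a static binary ldd fails and only the binary is copied.
        deps=$(ldd "$bin" 2>/dev/null |
            awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) print $i }') || true
        for f in "$bin" $deps; do
            [ -e "$f" ] || continue
            mkdir -p "$jail$(dirname "$f")" || exit 1
            cp -L "$f" "$jail$f" || exit 1    # -L copies the file behind a symlink
        done
    done
)

# jail_audit NEWROOT
# Succeed only if nothing under NEWROOT is group- or world-writable, so a
# command started with --userspec cannot replace files that a later, more
# privileged chroot invocation would execute.
jail_audit() {
    bad=$(find "$1" ! -type l \( -perm -0020 -o -perm -0002 \) -print)
    [ -z "$bad" ] || { printf 'writable inside jail:\n%s\n' "$bad" >&2; return 1; }
}

# Usage as root, with the jail path and user from the examples above:
#   jail_populate /srv/jail /bin/sh /bin/ls && jail_audit /srv/jail &&
#       chroot --userspec=www-data:www-data /srv/jail /bin/sh
```

jail_audit checks permission bits only; ownership of the jail by root still has to be confirmed separately.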