124 lines
4.3 KiB
Groff
124 lines
4.3 KiB
Groff
|
.\" $OpenBSD: chroot.2,v 1.24 2022/03/31 17:27:16 naddy Exp $
|
||
|
.\" $NetBSD: chroot.2,v 1.7 1995/02/27 12:32:12 cgd Exp $
|
||
|
.\"
|
||
|
.\" Copyright (c) 1983, 1991, 1993
|
||
|
.\" The Regents of the University of California. All rights reserved.
|
||
|
.\"
|
||
|
.\" Redistribution and use in source and binary forms, with or without
|
||
|
.\" modification, are permitted provided that the following conditions
|
||
|
.\" are met:
|
||
|
.\" 1. Redistributions of source code must retain the above copyright
|
||
|
.\" notice, this list of conditions and the following disclaimer.
|
||
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
||
|
.\" notice, this list of conditions and the following disclaimer in the
|
||
|
.\" documentation and/or other materials provided with the distribution.
|
||
|
.\" 3. Neither the name of the University nor the names of its contributors
|
||
|
.\" may be used to endorse or promote products derived from this software
|
||
|
.\" without specific prior written permission.
|
||
|
.\"
|
||
|
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
||
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
||
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||
|
.\" SUCH DAMAGE.
|
||
|
.\"
|
||
|
.\" @(#)chroot.2 8.1 (Berkeley) 6/4/93
|
||
|
.\"
|
||
|
.Dd $Mdocdate: March 31 2022 $
|
||
|
.Dt CHROOT 2
|
||
|
.Os
|
||
|
.Sh NAME
|
||
|
.Nm chroot
|
||
|
.Nd change root directory
|
||
|
.Sh SYNOPSIS
|
||
|
.In unistd.h
|
||
|
.Ft int
|
||
|
.Fn chroot "const char *dirname"
|
||
|
.Sh DESCRIPTION
|
||
|
.Fa dirname
|
||
|
is the address of the pathname of a directory, terminated by an ASCII NUL.
|
||
|
.Fn chroot
|
||
|
causes
|
||
|
.Fa dirname
|
||
|
to become the root directory, that is, the starting point for path
|
||
|
searches of pathnames beginning with
|
||
|
.Ql / .
|
||
|
.Pp
|
||
|
In order for a directory to become the root directory,
|
||
|
a process must have execute (search) access for that directory.
|
||
|
.Pp
|
||
|
If the program is not currently running with an altered root directory,
|
||
|
it should be noted that
|
||
|
.Fn chroot
|
||
|
has no effect on the process's current directory.
|
||
|
.Pp
|
||
|
If the program is already running with an altered root directory, the
|
||
|
process's current directory is changed to the same new root directory.
|
||
|
This prevents the current directory from being further up the directory
|
||
|
tree than the altered root directory.
|
||
|
.Pp
|
||
|
This call is restricted to the superuser.
|
||
|
.Sh RETURN VALUES
|
||
|
.Rv -std
|
||
|
.Sh EXAMPLES
|
||
|
The following example changes the root directory to
|
||
|
.Va newroot ,
|
||
|
sets the current directory to the new root, and drops some
|
||
|
setuid privileges.
|
||
|
There may be other privileges which need to be dropped as well.
|
||
|
.Bd -literal -offset indent
|
||
|
#include <err.h>
|
||
|
#include <unistd.h>
|
||
|
|
||
|
if (chroot(newroot) != 0 || chdir("/") != 0)
|
||
|
err(1, "%s", newroot);
|
||
|
setresuid(getuid(), getuid(), getuid());
|
||
|
.Ed
|
||
|
.Sh ERRORS
|
||
|
.Fn chroot
|
||
|
will fail and the root directory will be unchanged if:
|
||
|
.Bl -tag -width Er
|
||
|
.It Bq Er ENOTDIR
|
||
|
A component of the pathname is not a directory.
|
||
|
.It Bq Er ENAMETOOLONG
|
||
|
A component of a pathname exceeded
|
||
|
.Dv NAME_MAX
|
||
|
characters, or an entire pathname (including the terminating NUL)
|
||
|
exceeded
|
||
|
.Dv PATH_MAX
|
||
|
bytes.
|
||
|
.It Bq Er ENOENT
|
||
|
The named directory does not exist.
|
||
|
.It Bq Er EACCES
|
||
|
Search permission is denied for any component of the pathname.
|
||
|
.It Bq Er ELOOP
|
||
|
Too many symbolic links were encountered in translating the pathname.
|
||
|
.It Bq Er EFAULT
|
||
|
.Fa dirname
|
||
|
points outside the process's allocated address space.
|
||
|
.It Bq Er EIO
|
||
|
An I/O error occurred while reading from or writing to the file system.
|
||
|
.It Bq Er EPERM
|
||
|
The caller is not the superuser.
|
||
|
.El
|
||
|
.Sh SEE ALSO
|
||
|
.Xr chdir 2
|
||
|
.Sh HISTORY
|
||
|
The
|
||
|
.Fn chroot
|
||
|
system call first appeared in
|
||
|
.At v7 .
|
||
|
.Sh CAVEATS
|
||
|
There are ways for a root process to escape from the chroot jail.
|
||
|
Changes to the directory hierarchy made from outside the chroot jail
|
||
|
may allow a restricted process to escape, even if it is unprivileged.
|
||
|
Passing directory file descriptors via
|
||
|
.Xr recvmsg 2
|
||
|
from outside the chroot jail may also allow a process to escape.
|