Visit the LQ Articles and Editorials section
Go Back > Blogs > Angelo Fo. personal blog
User Name


Angelo Fo. Blog [My OpenSource Project News, previews & announcements of my free posts on]

In this blog I'll talk you about my projects about GNU/Linux and solutions regarding security, software development and my own FOSS projects.

I will also publish "previews & announcements" of my free posts on DigitalPatch (Security Blog)

Note: Digital Patch Posts by Angelo Fonzeca are licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 Unported License and are based on a work at

NOTE: If you are interested in IT Security, join us at "GNU/Linux Security & Hardening" group on Linkedin
Rate this Entry

OpenSSH daemon hardening ( Part 3 ) - Setup a chroot enviroment on CentOS with JailKit[ANNOUNCEMENT]

Posted 12-10-2010 at 08:16 AM by angelo.fonzeca
Updated 12-13-2010 at 06:31 AM by angelo.fonzeca

[Note: This is a draft version of the post; it'll be revised as soon as possible]

Introduction - What is a chroot?

"A chroot on Unix operating systems is an operation that changes the apparent disk root directory
for the current running process and its children. A program that is
re-rooted to another directory cannot access or name files outside that
directory, and the directory is called a "chroot jail" or (less commonly) a "chroot prison". The term "chroot" may refer to the chroot(2) system call or the chroot(8) wrapper program."

(Definition from Wikipedia, the free encyclopedia)

A system administrator can use "chrooted" environments for improving the strength of a Unix system, by limiting logged users to use a small environment with few/basic functionalities.
Chroot can also be used for "running inside" Unix daemons, so services are "entrapped" into the jail and they can "see" only a limited part of the filesystem.
In this post we will create a chroot environment for giving access to users with sftp/ssh protocol and/or basic shell access.

Note: The chroot environments don't assure "security", but in combination with others hardening tricks (see my other posts) may improve the strength of the system and put "on the way" more obstacles to the attackers.

Indeed a chroot-jail can be break... for example visit chroot break page

Let's start installing!

Post continues on DigitalPatch blog
Posted in Linux Security
Views 1694 Comments 0
« Prev     Main     Next »
Total Comments 0




All times are GMT -5. The time now is 07:41 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration