Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (OpenBSD-5.7)
Apropos / Subsearch:
optional field

CHROOT(2)                   BSD System Calls Manual                  CHROOT(2)

     chroot -- change root directory

     #include <&lt;unistd.h>&gt;

     chroot(const char *dirname);

     dirname is the address of the pathname of a directory, terminated by an
     ASCII NUL.  chroot() causes dirname to become the root directory, that
     is, the starting point for path searches of pathnames beginning with '/'.

     In order for a directory to become the root directory a process must have
     execute (search) access for that directory.

     If the program is not currently running with an altered root directory,
     it should be noted that chroot() has no effect on the process's current

     If the program is already running with an altered root directory, the
     process's current directory is changed to the same new root directory.
     This prevents the current directory from being further up the directory
     tree than the altered root directory.

     This call is restricted to the superuser.

     Upon successful completion, the value 0 is returned; otherwise the
     value -1 is returned and the global variable errno is set to indicate the

     The following example changes the root directory to newroot, sets the
     current directory to the new root, and drops some setuid privileges.
     There may be other privileges which need to be dropped as well.

           #include <err.h>
           #include <unistd.h>

           if (chroot(newroot) != 0 || chdir("/") != 0)
                   err(1, "%s", newroot);
           setresuid(getuid(), getuid(), getuid());

     chroot() will fail and the root directory will be unchanged if:

     [ENOTDIR]          A component of the path name is not a directory.

     [ENAMETOOLONG]     A component of a pathname exceeded NAME_MAX charac-
                        ters, or an entire pathname (including the terminating
                        NUL) exceeded PATH_MAX bytes.

     [ENOENT]           The named directory does not exist.

     [EACCES]           Search permission is denied for any component of the
                        path name.

     [ELOOP]            Too many symbolic links were encountered in translat-
                        ing the pathname.

     [EFAULT]           dirname points outside the process's allocated address

     [EIO]              An I/O error occurred while reading from or writing to
                        the file system.

     [EPERM]            The caller is not the superuser.


     The chroot() system call first appeared in Version 7 AT&T UNIX.

     There are ways for a root process to escape from the chroot jail.
     Changes to the directory hierarchy made from outside the chroot jail may
     allow a restricted process to escape, even if it is unprivileged.  Pass-
     ing directory file descriptors via recvmsg(2) from outside the chroot
     jail may also allow a process to escape.

BSD                            January 22, 2015                            BSD