At times, when we want to experiment with something new, we always prefer to run it on a virtual machine or in a sandbox environment so that it cannot cause any damage to our original machine or its important files. The chroot command allows us to run commands and programs in a safe environment by creating an alternate root directory for them. Therefore, we will be talking about the method of using this command on Debian 11.

Using chroot on Debian

For using chroot on Debian 11, you will need to perform the following steps:

Launch the terminal in Debian and then type the following command in it followed by pressing the Enter key to create a new root directory:

sudo mkdir ~/new_root

This command is also shown in the image below:

Create a new directory

After successfully creating a new root directory, we will add all the relevant sub-directories in the new root directory. For doing that, type the following command in your terminal and then press the Enter key:

sudo mkdir –p ~/new_root/{bin,lib,lib64}

Running this command will create the bin, lib, and lib64 sub-directories within the new root directory. This command is shown in the following image:

Create system directories

Once you have successfully created these sub-directories, the next thing that you need to do is to copy the binaries of the commands and programs that you want to test using chroot in the new root directory. For doing that, you first need to look for these binaries. In this example, we are going to find out the binaries of the following commands: ip, ls, and pwd. Moreover, we are also going to look for the binary of the bash program. For doing that, we will make use of the which command as shown below:

which ip ls pwd bash

Type this command in your terminal and then press the Enter key. It is also shown in the image below:

Use which command

As soon as this command will execute successfully, you will be able to see the paths to the binaries of the respective commands and program in your terminal as shown in the following image:

Find program paths using which command

  • Once you have found out all the respective binaries, you need to copy them into the new root directory. For doing that, type the following command in your terminal and then press the Enter key:
sudo cp –v /bin/{ip,ls,pwd,bash} ~/new_root/bin

This command is shown in the image below:

Chroot subdirectories

The successful execution of this command will show you something like this on your terminal which is, in fact, a confirmation that the binaries have been copied into the new root directory:

Copy binary files

The next step is to find out and copy the dependencies of these commands and programs in the new root directory. For finding out the dependencies of the ip command, type the following command in your terminal and then press the Enter key:

ldd /bin/ip

This command is also shown in the following image:

ldd command

Running this command will show you all the dependencies of the ip command. You can find out the dependencies for the ls and pwd command in the very same manner. The dependencies of the ip command are shown in the image below:

Find out which libraries a binary file requires with ldd

Now you need to copy all the dependencies of the ip command in the new root directory. For doing that, type the command as shown in the following image:

Copy dependencies

As soon as this command will execute successfully, your terminal will look something like this:

File dependencies

However, for copying the /lib64 dependency, you will need to type the command in your terminal as shown in the image below:

lib64 dependencies

Your terminal will prompt you with a message showing that the /lib64 files have been copied successfully as shown in the following image:

command copied

Now you need to find out the dependencies for the bash program. For doing that, type the following command in your terminal and then press the Enter key:

ldd /bin/bash

This command is also shown in the image below:

ldd bash

Running this command successfully will show you all the required dependencies for the bash program as shown in the following image:

bash shell dependencies

Now copy these dependencies into the new root directory by typing the command shown in the image below in your terminal and then pressing the Enter key:

Copying bash file dependencies

If this command executes successfully, your terminal will look something like this:

copied files

However, for copying the /lib64 dependency, type the command shown in the following image in your terminal and then press the Enter key:

lib64 dep

Your terminal will display a message confirming that the above-mentioned dependency has been copied to the new root directory successfully as shown in the image below:

copied files

Once these steps are executed successfully, you need to navigate to the new root directory. For doing that, type the following command in your terminal and then press the Enter key:

sudo chroot ~/new_root/bin/bash

This command will take you to the bash program environment. It is also shown in the following image:

Use chroot

Once you are running the bash program in your newly created root directory, try running the commands whose configurations you have done above. In this example, I will try to run the ip command and find out if it works in the new root directory or not. For doing that, type the following command in your terminal and then press the Enter key:

ip link

Running this command will display the output shown in the image below which is a confirmation that the ip command is running successfully in the new root directory:

use ip command in jail

Conclusion

By following the method described in this article, you can easily use the chroot command on Debian 11. Although the whole process seems quite long if you manage to follow all the steps correctly, you will never get yourself in any trouble.

How to use chroot on Debian 11

Karim Buzdar

About the Author: Karim Buzdar holds a degree in telecommunication engineering and holds several sysadmin certifications. As an IT engineer and technical author, he writes for various web sites. You can reach Karim on LinkedIn