Robbert Haarman



chrootexec allows normal users to run commands in chroot jails.


The following downloads are available:


Compiling and installing chrootexec is as simple as:

$ make && sudo make install

If desired, an alternate installation prefix (default is /usr/local) can be specified by setting the PREFIX environment variable:

# env PREFIX=/usr make install

See the Makefile for additional details.


Simple sanity test (assuming statically linked /bin/pwd):

$ chrootexec /bin ./pwd

A more useful example: setting up the muhttpd webserver to run inside a chroot jail. First, create the directory hierarchy:

$ mkdir -p fakeroot/{etc,usr/{lib,libexec,sbin},var}

Then, copy the necessary files (the exact files and locations depend on your system, of course):

$ cp /usr/lib/* fakeroot/usr/lib/
$ cp /usr/libexec/ fakeroot/usr/libexec/
$ cp /usr/local/sbin/muhttpd fakeroot/usr/sbin
$ cp -r /etc/muhttpd fakeroot/etc/
$ cp -r ~/www fakeroot/var/

Edit the configuration files to your needs, and, finally, Start the server:

$ chrootexec fakeroot /usr/sbin/muhttpd &


For correct operation, chrootexec must be installed suid root. This gives it root priviliges on startup, which allow it to change the root directory. As soon as this is done, it drops root privileges. The command passed to chrootexec is run under the user who invoked chrootexec.

Valid XHTML 1.1! Valid CSS! Viewable with Any Browser