O'Reilly logo

Advanced Linux Networking by Roderick W. Smith

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 23. Configuring a chroot Jail

Every server must be able to read certain local files, and some servers must be able to change at least some local files. If these powers can be warped to serve the needs of an attacker, that attacker can corrupt your system's configuration, gain more power, and ultimately gain complete control of your system. What, though, if that corrupted system is really just a subset of the real computer, and a subset with very limited abilities? This is the idea behind a chroot jail—to run a server in an environment so limited that it won't do an attacker any good if the server is compromised.

Not all servers operate well in a chroot jail, but some are designed to be used in this way. For those servers that support

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required