Linux Application Development (paperback) (2nd Edition)


14.2. Changing the Root Directory

Although the system has a single root directory, the meaning of / may be changed for each process on the system. This is usually done to prevent suspect processes (such as ftp daemons handling requests from untrusted users) from accessing the complete file system. For example, if /home/ftp is specified as the process's root directory, running chdir("/") will make the process's current directory /home/ftp, and getcwd() will return / to keep things consistent for the process in question. To ensure security, if the process tries to chdir("/.."), it is left in its / directory (the system-wide /home/ftp directory), just as normal processes that chdir("/..") are left in the system-wide root directory. A process may easily change its current root directory through the chroot() system call. The process's new root directory path is interpreted with the current root directory in place, so chroot("/") does not modify the process's current root directory.

#include <unistd.h>

int chroot(const char * path);

Here, the path specifies the new root directory for the process. This system call does not change the current working directory of the process, however. The process can still access files in the current directory, as well as relative to it (that is, ../../directory/file). Most processes that chroot() themselves immediately change their current working directory to be inside the new root hierarchy with chdir("/"), or something similar, and not doing so would be a security problem in some applications.
