1.\" $OpenBSD: chroot.8,v 1.16 2015/09/12 15:52:37 schwarze Exp $ 2.\" 3.\" Copyright (c) 1988, 1991, 1993 4.\" The Regents of the University of California. All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 3. Neither the name of the University nor the names of its contributors 15.\" may be used to endorse or promote products derived from this software 16.\" without specific prior written permission. 17.\" 18.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 19.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 22.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 26.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28.\" SUCH DAMAGE. 29.\" 30.\" from: @(#)chroot.8 8.1 (Berkeley) 6/9/93 31.\" 32.Dd $Mdocdate: September 12 2015 $ 33.Dt CHROOT 8 34.Os 35.Sh NAME 36.Nm chroot 37.Nd change root directory 38.Sh SYNOPSIS 39.Nm chroot 40.Op Fl g Ar group Ns Op Pf , Ar group Ns Op Pf , Ar ... 41.Op Fl u Ar user 42.Ar newroot 43.Op Ar command 44.Sh DESCRIPTION 45The 46.Nm 47command changes its root directory to the supplied directory 48.Ar newroot 49and executes 50.Ar command , 51if supplied, or an interactive copy of the user's shell. 52.Pp 53The 54.Nm 55command is restricted to the superuser. 56.Pp 57The options are as follows: 58.Bl -tag -width Ds 59.It Fl g Ar group Ns Op Pf , Ar group Ns Op Pf , Ar ... 60Override the primary and supplemental group IDs. 61The primary group ID is set to the first group in the list. 62Any remaining groups are placed in the supplemental group ID vector. 63Each group listed must exist in the 64.Xr group 5 65databases. 66.It Fl u Ar user 67Set user ID to 68.Ar user 69(which must exist in the 70.Xr passwd 5 71database). 72The primary and supplemental group IDs will be set based on the user's 73entries in the 74.Xr passwd 5 75and 76.Xr group 5 77databases unless overridden by the 78.Fl g 79option. 80Additional settings may be applied as specified in 81.Xr login.conf 5 82depending on 83.Ar user Ns 's 84login class. 85.El 86.Sh ENVIRONMENT 87.Bl -tag -width SHELL 88.It Ev SHELL 89If set, 90the string specified by 91.Ev SHELL 92is interpreted as the name of 93the shell to execute. 94If the variable 95.Ev SHELL 96is not set, 97.Pa /bin/sh 98is used. 99.El 100.Sh SEE ALSO 101.Xr ldd 1 , 102.Xr group 5 , 103.Xr login.conf 5 , 104.Xr passwd 5 , 105.Xr environ 7 106.Sh HISTORY 107The 108.Nm 109utility first appeared in 110.Bx 4.3 Reno . 111.Sh CAVEATS 112.Nm 113should never be installed setuid root, as it would then be possible 114to exploit the program to gain root privileges. 115