The function of chroot jails
A chroot is an operation that changes the apparent root directory for the currently running process and its children. Programs running in this modified environment cannot access files outside the designated directory tree. Because their access is confined to that tree, the arrangement is known as a “chroot jail” (Sobell & Seebach, 2015). One use is testing and development: a test environment can be set up in the chroot for software that would otherwise be too risky to deploy on a production system. Chroot jails also play an important role in dependency control. Software can be built and tested in a chroot populated only with its expected dependencies. This can prevent some kinds of linkage skew that arise when developers build projects with different sets of program libraries installed.
A chroot jail also restricts the directories available to a would-be attacker. It locks down a given process and any user ID it is using, so that the user sees only the directory the process is running in (Tilborg & Jajodia, 2014). To the process, it appears to be running in the root directory. Chroot jails also help in recovery. When a system is unbootable, a chroot can be used to move back into the damaged environment after booting from an alternate root file system (such as a live CD or installation media). Lastly, chroot jails can be used for privilege separation. Programs are permitted to carry open file descriptors into the chroot, which can simplify jail design by making it unnecessary to leave working files inside the chroot directory (Aitchison, 2011).
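
The privilege-separation pattern described above, as an added C example that is not taken from the cited sources: a log file outside the jail is opened first, then a child process is confined with chroot, drops root, and still writes through the inherited descriptor. The function names, the temporary paths and the unprivileged id 65534 are assumptions made for the illustration; entering the jail requires root (CAP_SYS_CHROOT).

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Child side: confine to `jail`, drop root, write via the inherited fd.
 * Returns 0 or an errno value. */
static int jail_and_write(int fd, const char *jail, const char *log_path,
                          uid_t uid, gid_t gid, const char *msg)
{
    if (chroot(jail) != 0) return errno;        /* needs CAP_SYS_CHROOT */
    if (chdir("/") != 0) return errno;          /* cwd must be inside new root */
    if (setgroups(0, NULL) != 0) return errno;  /* groups, then gid, then uid */
    if (setgid(gid) != 0) return errno;
    if (setuid(uid) != 0) return errno;
    if (setuid(0) == 0) return EPERM;           /* root must not be regainable */
    if (access(log_path, F_OK) == 0) return EEXIST; /* path must be out of reach */
    return write(fd, msg, strlen(msg)) < 0 ? errno : 0;
}

/* Open log_path outside the jail, then fork a child that is jailed before it
 * logs. Returns 0, or an errno value (EPERM when not run as root). */
int jailed_log_write(const char *jail, const char *log_path,
                     uid_t uid, gid_t gid, const char *msg)
{
    int status, fd = open(log_path, O_WRONLY | O_CREAT | O_APPEND | O_CLOEXEC, 0600);
    if (fd < 0) return errno;
    pid_t pid = fork();
    if (pid < 0) { int e = errno; close(fd); return e; }
    if (pid == 0) _exit(jail_and_write(fd, jail, log_path, uid, gid, msg));
    close(fd);
    if (waitpid(pid, &status, 0) < 0) return errno;
    return WIFEXITED(status) ? WEXITSTATUS(status) : ECHILD;
}

int main(void)
{
    char jail[] = "/tmp/jail-XXXXXX", logs[] = "/tmp/logs-XXXXXX", path[64];
    if (!mkdtemp(jail) || !mkdtemp(logs)) return 1;   /* constructed demo dirs */
    snprintf(path, sizeof path, "%s/app.log", logs);
    int rc = jailed_log_write(jail, path, 65534, 65534, "jailed child: hello\n");
    printf("rc=%d (%s)\n", rc, rc ? strerror(rc) : "written from inside the jail");
    return rc;
}
```

The jail directory stays empty: the only resource the confined child can reach is the descriptor it was handed, and the file's 0600 root-only permissions do not block the write because access was checked when the descriptor was opened.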

References
Aitchison, R. (2011). Pro DNS and BIND 10. Apress.
Sobell, M. G., & Seebach, P. (2015). A practical guide to UNIX for Mac OS X users. Prentice Hall Professional.
Tilborg, H. C., & Jajodia, S. (2014). Encyclopedia of cryptography and security. Springer Science & Business Media.
