chroot Command
Run command or shell with a different root directory
📅 Updated: Mar 15, 2026
SYNTAX
chroot NEWROOT [COMMAND]
What Does chroot Do?
chroot changes the root directory for a command or shell session. The process and its children see the specified directory as / and cannot reach files outside it by path, although a process running as root can still break out (see below).
chroot is used for system recovery (booting into a broken system), building packages in isolated environments, testing software in a minimal filesystem, and basic containerization.
chroot provides filesystem isolation but is not a security boundary — processes with root access can escape a chroot. For proper isolation, use containers (Docker, LXC) or namespaces.
Options & Flags
| Option | Description | Example |
|---|---|---|
| NEWROOT | New root directory | sudo chroot /mnt/recovery |
| COMMAND | Command to run (default: /bin/sh) | sudo chroot /mnt/sysimage /bin/bash |
| --userspec | Run as specific user:group | sudo chroot --userspec=www-data:www-data /app |
| --groups | Set supplementary groups | sudo chroot --groups=audio,video /jail |
Practical Examples
#1 System recovery
Mounts a broken system and chroots into it for repair.
$ sudo mount /dev/sda1 /mnt && sudo chroot /mnt /bin/bash
#2 Fix bootloader
Repairs GRUB from a live USB by chrooting into the installed system.
$ sudo chroot /mnt /bin/bash -c 'grub-install /dev/sda && update-grub'
#3 Run in isolated env
Opens a shell in a minimal filesystem for package building.
$ sudo chroot /srv/build /bin/bash
#4 Recovery with proc/sys
Full recovery chroot with required virtual filesystems.
$ sudo mount --bind /dev /mnt/dev && sudo mount -t proc proc /mnt/proc && sudo mount -t sysfs sys /mnt/sys && sudo chroot /mnt
#5 Run specific command
Runs nginx in a chrooted environment.
$ sudo chroot /jail /usr/bin/nginx
Tips & Best Practices
Not a security boundary: chroot is NOT a security container. Root processes can escape chroot. Use proper containers (Docker, LXC) for security isolation.
Mount virtual filesystems: For full system recovery: mount /dev, /proc, /sys, and /dev/pts before chrooting. Otherwise many tools will not work.
debootstrap for minimal environments: Use debootstrap to create a minimal Debian/Ubuntu filesystem for chroot: debootstrap focal /path/to/chroot
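
An added example, not part of the original page: because a root process can escape a chroot, a service run with --userspec should find nothing inside the jail that hands privilege back. The hypothetical audit_jail function below lists setuid/setgid files, device nodes and world-writable paths in a chroot tree such as /jail.

```shell
#!/bin/sh
# Added example (not from the original page): audit a chroot tree before
# running a service in it as a non-root user (chroot --userspec=...).
#
# audit_jail DIR prints one "<kind> <path>" line per finding.
# Returns 0 when the tree is clean, 1 when there are findings, 2 on misuse.
# -xdev keeps find on one filesystem, so bind-mounted /dev, /proc and /sys
# are not descended into. Paths containing newlines are not handled.
audit_jail() {
    jail=$1
    if [ -z "$jail" ] || [ ! -d "$jail" ]; then
        echo "usage: audit_jail DIR" >&2
        return 2
    fi
    findings=$(
        # setuid/setgid files run with their owner's or group's privileges
        # (often root's), which undoes the drop done by --userspec.
        find "$jail" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print |
            sed 's/^/setid /'
        # Device nodes give direct access to disks or memory from the jail.
        find "$jail" -xdev \( -type b -o -type c \) -print |
            sed 's/^/device /'
        # World-writable files and directories can be altered by any user
        # in the jail (sticky directories such as /tmp are listed too).
        find "$jail" -xdev \( -type f -o -type d \) -perm -0002 -print |
            sed 's/^/world-writable /'
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}
# Usage: audit_jail /jail
```

Run it against the jail directory before starting the service and review each reported path.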
Frequently Asked Questions
How do I repair a broken Linux system?
Boot from a live USB, mount the partition, mount /dev, /proc and /sys, then chroot into it. From there you can fix GRUB, packages, and configs.
Is chroot secure?
No — chroot provides filesystem isolation but root processes can escape. Use Docker, LXC, or bubblewrap for security.
What do I need inside a chroot?
At minimum: /bin/sh, shared libraries, and basic utilities. Mount /dev, /proc, /sys for system tools to work.