xref: /netbsd-src/lib/libc/sys/chroot.2 (revision 5ab4936e8fc95fd6a29c1742c167d35613ba10c6)
.\"	$NetBSD: chroot.2,v 1.25 2017/10/30 15:48:38 wiz Exp $
.\"
.\" Copyright (c) 1983, 1991, 1993
.\"	The Regents of the University of California.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\"     @(#)chroot.2	8.1 (Berkeley) 6/4/93
.\"
.Dd April 18, 2001
.Dt CHROOT 2
.Os
.Sh NAME
.Nm chroot ,
.Nm fchroot
.Nd change root directory
.Sh LIBRARY
.Lb libc
.Sh SYNOPSIS
.In unistd.h
.Ft int
.Fn chroot "const char *dirname"
.Ft int
.Fn fchroot "int fd"
.Sh DESCRIPTION
.Fa dirname
is the address of the pathname of a directory, terminated by an ASCII NUL.
.Fn chroot
causes
.Fa dirname
to become the root directory,
that is, the starting point for path searches of pathnames
beginning with
.Ql / .
.Pp
In order for a directory to become the root directory
a process must have execute (search) access for that directory.
.Pp
If the current working directory is not at or under the new root
directory, it is silently set to the new root directory.
It should be noted that, on most other systems,
.Fn chroot
has no effect on the process's current directory.
.Pp
This call is restricted to the super-user.
.Pp
The
.Fn fchroot
function performs the same operation on an open directory file
known by the file descriptor
.Fa fd .
.Sh RETURN VALUES
Upon successful completion, a value of 0 is returned.
Otherwise, a value of \-1 is returned and
.Va errno
is set to indicate an error.
.Sh ERRORS
.Fn chroot
will fail and the root directory will be unchanged if:
.Bl -tag -width Er
.It Bq Er EACCES
Search permission is denied for any component of the path name.
.It Bq Er EFAULT
.Fa dirname
points outside the process's allocated address space.
.It Bq Er EIO
An I/O error occurred while reading from or writing to the file system.
.It Bq Er ELOOP
Too many symbolic links were encountered in translating the pathname.
.It Bq Er ENAMETOOLONG
A component of a pathname exceeded
.Brq Dv NAME_MAX
characters, or an entire path name exceeded
.Brq Dv PATH_MAX
characters.
.It Bq Er ENOENT
The named directory does not exist.
.It Bq Er ENOTDIR
A component of the path name is not a directory.
.It Bq Er EPERM
The effective user ID of the calling process is not the super-user.
.El
.Pp
.Fn fchroot
will fail and the root directory will be unchanged if:
.Bl -tag -width Er
.It Bq Er EACCES
Search permission is denied for the directory referenced
by the file descriptor.
.It Bq Er EBADF
The argument
.Fa fd
is not a valid file descriptor.
.It Bq Er EIO
An I/O error occurred while reading from or writing to the file system.
.It Bq Er ENOTDIR
The argument
.Fa fd
does not reference a directory.
.It Bq Er EPERM
The effective user ID of the calling process is not the super-user.
.El
.Sh SEE ALSO
.Xr chdir 2
.Sh STANDARDS
The
.Fn chroot
function conforms to
.St -xsh5 ,
with the restriction that the calling process' working directory must be at
or under the new root directory.
Otherwise, the working directory is silently set to the new root directory;
this is an extension to the standard.
.Pp
.Fn chroot
was declared a legacy interface, and subsequently removed in
.St -p1003.1-2001 .
.Sh HISTORY
The
.Fn chroot
function call appeared in
.Bx 4.2 .
Working directory handling was changed in
.Nx 1.4
to prevent one way a process could use a second
.Fn chroot
call to a different directory to "escape" from the restricted subtree.
The
.Fn fchroot
function appeared in
.Nx 1.4 .
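
The DESCRIPTION and HISTORY notes on working-directory handling and the super-user restriction suggest a confinement sequence that does not depend on which system's chroot() behaviour applies; the following is an added example, not part of the NetBSD manual page or source tree. The helper enter_jail(), the enum jail_step, the default directory /var/empty and the uid/gid 65534 are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE		/* glibc: expose chroot() and setgroups() */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper (not from the manual page): which step failed. */
enum jail_step { JAIL_OK = 0, JAIL_CHDIR, JAIL_CHROOT, JAIL_CHDIR_ROOT,
		 JAIL_DROP, JAIL_STILL_ROOT };

/*
 * Confine the calling process to dir, then give up super-user rights.
 * Returns JAIL_OK or the failed step; errno is left from the failing call.
 */
enum jail_step
enter_jail(const char *dir, uid_t uid, gid_t gid)
{
	/* Move inside first, so nothing depends on chroot() resetting cwd. */
	if (chdir(dir) == -1)
		return JAIL_CHDIR;
	if (chroot(".") == -1)
		return JAIL_CHROOT;	/* EPERM unless super-user */
	/* Pin cwd to the new root where chroot() leaves cwd untouched. */
	if (chdir("/") == -1)
		return JAIL_CHDIR_ROOT;
	/* chroot() is super-user only: drop groups, then gid, then uid. */
	if (setgroups(1, &gid) == -1 || setgid(gid) == -1 || setuid(uid) == -1)
		return JAIL_DROP;
	/* The drop must be irreversible, or a second chroot() stays possible. */
	if (uid != 0 && setuid(0) != -1) {
		errno = EPERM;
		return JAIL_STILL_ROOT;
	}
	return JAIL_OK;
}

int
main(int argc, char **argv)
{
	/* Constructed defaults: /var/empty and id 65534 are assumed values. */
	const char *dir = argc > 1 ? argv[1] : "/var/empty";
	enum jail_step s = enter_jail(dir, 65534, 65534);

	if (s != JAIL_OK) {
		fprintf(stderr, "jail step %d failed: %s\n", (int)s, strerror(errno));
		return 1;
	}
	puts("confined and unprivileged");
	return 0;
}
```

The example uses chroot() only, so it also builds on systems without fchroot(); run without super-user rights it stops at JAIL_CHROOT with EPERM, matching the ERRORS list.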