Difference between revisions of "Change root"

From ArchWiki
Jump to: navigation, search
m (Add interwiki link to french wiki)
m (Example)
(45 intermediate revisions by 18 users not shown)
Line 1: Line 1:
[[Category:System recovery (English)]]
+
[[Category:System recovery]]
 +
[[es:Change Root]]
 +
[[fa:تغییر ریشه]]
 
[[fr:Chroot]]
 
[[fr:Chroot]]
Changing Root is the process of changing of the apparent disk root directory (and the current running process and its children) to another root directory. When you change root to another directory you cannot access files and commands outside that directory. This directory is called a ''chroot jail''. Changing root is commonly done for system maintenance for such tasks as reinstalling [[Grub#Bootloader_installation|GRUB]] or resetting a forgotten password. Changing root is often done from from a LiveCD or LiveUSB into a mounted partition that contains an installed system.
+
[[ja:Change Root]]
 +
[[ro:Chroot]]
 +
[[zh-CN:Change Root]]
 +
[[Wikipedia:Chroot|Chroot]] is the process of changing of the apparent disk root directory (and the current running process and its children) to another root directory. When you change root to another directory you cannot access files and commands outside that directory. This directory is called a ''chroot jail''. Changing root is commonly done for system maintenance, such as reinstalling the bootloader or resetting a forgotten password.
  
 
== Requirements ==
 
== Requirements ==
  
* You'll need to boot to another working Linux environment (for example, to a LiveCD or USB flash disk).  For Arch install mediums there is both the [http://www.archlinux.org/download/ LiveCD and USB Flash disk].
+
* You'll need to boot from another working Linux environment (e.g. from a LiveCD or USB flash media, or from another installed Linux distribution).
  
 
* Root privileges are required in order to chroot.
 
* Root privileges are required in order to chroot.
  
* Be sure that the architectures of the Linux environment you have booted into matches the architecture of the root directory you wish to enter (i.e. i686, x86_64). You can find the architecture of your current environment by:
+
* Be sure that the architecture of the Linux environment you have booted into matches the architecture of the root directory you wish to enter (i.e. i686, x86_64). You can find the architecture of your current environment with:
  
uname -m
+
: {{bc|# uname -m}}
  
* If you need any kernel modules loaded in the chroot environment, load them before chrooting. It may also be useful to initialize your swap (<code>swapon /dev/<device-or-partition-name></code>) and to connect to your network before chrooting.
+
* If you need any kernel modules loaded in the chroot environment, load them before chrooting. It may also be useful to initialize your swap ({{ic|swapon /dev/sdxY}}) and to establish an internet connection before chrooting.
  
== Mounting the device ==
+
== Mount the partitions ==
  
The device or partition with the Linux system on it will need to be mounted. To discover the kernel name of the storage device name, type:
+
The root partition of the Linux system that you're trying to chroot into needs to be mounted first. To find out the device name assigned by the kernel, run:
  
  fdisk -l
+
  # lsblk /dev/sda
  
Create a directory where you would like to mount the device or partition, then mount it:
+
You can also run the following to get an idea of your partition layout.
  
  mkdir /mnt/arch
+
  # fdisk -l
mount /dev/<device-or-partition-name> /mnt/arch
+
  
== Changing Root ==
+
Now create a directory where you would like to mount the root partition and mount it:
 +
 
 +
# mkdir /mnt/arch
 +
# mount /dev/sda3 /mnt/arch
 +
 
 +
Next, if you have separate partitions for other parts of your system (e.g. {{ic|/boot}}, {{ic|/home}}, {{ic|/var}}, etc), you should mount them, as well:
 +
 
 +
# mount /dev/sda1 /mnt/arch/boot/
 +
# mount /dev/sdb5 /mnt/arch/home/
 +
# mount ...
 +
 
 +
While it's possible to mount filesystems after you've chrooted, it is more convenient to do so beforehand. The reasoning for this is that you'll have to unmount the temporary filesystems after you exit the chroot, so this lets you umount all the filesystems with a single command. This also allows for a safer shutdown. Because the external Linux environment knows all mounted partitions, it can safely unmount them during shutdown.
 +
 
 +
== Change root ==
  
 
Mount the temporary filesystems:
 
Mount the temporary filesystems:
  
cd /mnt/arch
+
{{Note|Using a newer (2012) Arch release, the following {{ic|mount}} commands can be replaced with {{ic|arch-chroot /mnt/arch}}, if the root partition was mounted in that location. Of course, you may still type these, if you want, or if you only have some other "live" Linux distribution.}}
mount -t proc proc proc/
+
mount -t sysfs sys sys/
+
mount -o bind /dev dev/
+
  
Mount other parts of your filesystem (e.g. {{Filename|/boot}}, {{Filename|/var}}, {{Filename|/usr}}...) that reside on separate partitions but which you need access to. For example:
+
# cd /mnt/arch
 +
# mount -t proc proc proc/
 +
# mount -t sysfs sys sys/
 +
# mount -o bind /dev dev/
 +
# mount -t devpts pts dev/pts/
  
mount /dev/<device-or-partition-name> boot/
+
If you established an internet connection and want to use it in the chroot environment, you may have to copy over your DNS servers so that you will be connected to the network:
  
It's possible to mount filesystems after you've chrooted, but it's more convenient to do so beforehand. The reasoning for this is you'll have to unmount the temporary filesystems after you exit a chroot so this lets you umount all the filesystems in a single command. This also allows a safer shutdown.  Because the external Linux environment knows all mounted partitions it can safely unmount them during shutdown.
+
  # cp -L /etc/resolv.conf etc/resolv.conf
  
If you've setup your network and want to use it in the chroot environment, copy over your DNS servers so that you will be connected to the network:
+
Now chroot into your installed system and define your shell:
  
  cp -L /etc/resolv.conf etc/resolv.conf
+
  # chroot . /bin/bash
  
Now chroot to your installed device or partition and define your shell:
+
{{Note|If you see the error {{ic|chroot: cannot run command '/bin/bash': Exec format error}}, it is likely that the two architectures do not match.}}
  
chroot . /bin/bash
+
Optionally, to source your Bash configuration ({{ic|~/.bashrc}} and {{ic|/etc/bash.bashrc}}), run:
  
If you see the error, "<tt>chroot: cannot run command '/bin/bash': Exec format error</tt>" it is likely the two architectures do not match.
+
# source ~/.bashrc
 +
# source /etc/profile
  
If you'll be doing anything with [[GRUB]] inside the chroot environment, you'll need to be sure your {{Filename|/etc/mtab}} is up-to-date:
+
Optionally, create a unique prompt to be able to differentiate your chroot environment:
  
  grep -v rootfs /proc/mounts > /etc/mtab
+
  # export PS1="(chroot) $PS1"
  
If you use bash, your root {{Filename|$HOME/.bashrc}} will be sourced on login provided your {{Filename|~/.bash_profile}} specifies it ({{Codeline|source ~/.bashrc}}).  To source your chrooted, global bash configuration do:
+
== Run graphical chrooted applications ==
  
  source /etc/profile
+
If you have [[X]] running on your system, you can start graphical applications from the chroot environment.
  
If your bash configuration doesn't use a unique prompt, consider creating one to be able to differentiate your chroot environment:
+
To allow the connection to your X server, you have to run the following from a terminal:
  
  export PS1="(chroot) $PS1"
+
# xhost +
  
== Perform System Maintenance ==
+
Then, to direct the applications to your X server, run:
  
At this point you can perform whatever system maintenance you require inside the chroot environment, some common examples being:
+
# export DISPLAY=:0.0
  
* Upgrade or [[Downgrading_Packages|downgrade]] packages
+
== Perform system maintenance ==
* [[Mkinitcpio|Rebuild your initcpio image]]
+
* Reset a [[Password_Recovery|forgotten password]]
+
* Fix your [[Fstab|/etc/fstab]]
+
* [[GRUB#Bootloader_installation|Reinstall GRUB]].
+
  
== Exiting chroot ==
+
At this point you can perform whatever system maintenance you require inside the chroot environment. A few common examples are:
  
When you're finished with system maintenance, exit the chroot shell:
+
* Reinstall the bootloader.
 +
* Rebuild your [[mkinitcpio|initramfs]] image.
 +
* Upgrade or [[Downgrading_Packages|downgrade]] packages.
 +
* Reset a [[Password_Recovery|forgotten password]].
  
  exit
+
== Exit the chroot environment ==
 +
 
 +
When you're finished with system maintenance, exit the chroot:
 +
 
 +
  # exit
  
 
Then unmount the temporary filesystems and any mounted devices:
 
Then unmount the temporary filesystems and any mounted devices:
  
  umount {proc,sys,dev,boot...}
+
  # umount {proc,sys,dev,boot,[...],}
  
Finally attempt to unmount your hard drive:
+
Finally, attempt to unmount your root partition:
  
  cd ..
+
  # cd ..
  umount arch/
+
  # umount arch/
  
If you get an error saying that {{Filename|/mnt}} (or any other partition) is busy, this can mean one of two things:
+
{{Note|If you get an error saying that {{ic|/mnt}} (or any other partition) is busy, this can mean one of two things:
  
 
* A program was left running inside of the chroot.
 
* A program was left running inside of the chroot.
* Or more frequently: a sub-mount still exists. For example, {{Filename|/mnt/arch/usr}} within {{Filename|/mnt/arch}}.
 
  
In the latter case, unmount the sub-mount mount point first. To get a reminder of all the current mount points, run {{Codeline|mount}} with no parameters. If you still are unable to mount a partition, use the force option:
+
* Or, more frequently, a sub-mount still exists (e.g. {{ic|/mnt/arch/boot}} within {{ic|/mnt/arch}}). Check with {{ic|lsblk}} to see if there are any mountpoints left:
 +
 
 +
: {{bc|lsblk /dev/sda}}
  
umount -f /mnt
+
: If you are still unable to unmount a partition, use the {{ic|--force}} option:
  
After this you will be able to safely reboot.
+
: {{bc|# umount -f /mnt}}}}
  
== Resources ==
+
After this, you will be able to safely reboot.
  
* [http://en.wikipedia.org/wiki/Chroot Wikipedia] - for the introduction.
+
== Example ==
 +
This may protect your system from Internet attacks during browsing:
 +
{{bc|1=
 +
cd
 +
mkdir myroot
 +
sudo pacman -i arch-install-scripts
 +
sudo mount --bind myroot myroot # pacstrap must see myroot as mounted
 +
sudo pacstrap -i myroot base base-devel
 +
sudo mount -t proc proc myroot/proc/
 +
sudo mount -t sysfs sys myroot/sys/
 +
sudo mount -o bind /dev myroot/dev/
 +
sudo mount -t devpts pts myroot/dev/pts/
 +
sudo cp -i /etc/resolv.conf myroot/etc/
 +
sudo chroot myroot
 +
passwd # set a password
 +
useradd -m -s /bin/bash ''user''
 +
passwd ''user'' # set a password
 +
# in a shell outside the chroot:
 +
sudo pacman -S xorg-server-xnest
 +
Xnest -ac :1
 +
# continue inside the chroot:
 +
pacman -S xterm
 +
xterm
 +
pacman -S xorg-server xorg-xinit xorg-server-utils
 +
pacman -S openbox
 +
pacman -S ttf-dejavu
 +
pacman -S firefox
 +
exit
 +
sudo chroot --userspec=''user'' myroot
 +
DISPLAY=:1
 +
openbox &
 +
HOME="/home/''user''"
 +
firefox
 +
}}
 +
See also: [https://help.ubuntu.com/community/BasicChroot Basic Chroot]

Revision as of 10:40, 6 February 2013

Chroot is the process of changing of the apparent disk root directory (and the current running process and its children) to another root directory. When you change root to another directory you cannot access files and commands outside that directory. This directory is called a chroot jail. Changing root is commonly done for system maintenance, such as reinstalling the bootloader or resetting a forgotten password.

Requirements

  • You'll need to boot from another working Linux environment (e.g. from a LiveCD or USB flash media, or from another installed Linux distribution).
  • Root privileges are required in order to chroot.
  • Be sure that the architecture of the Linux environment you have booted into matches the architecture of the root directory you wish to enter (i.e. i686, x86_64). You can find the architecture of your current environment with:
# uname -m
  • If you need any kernel modules loaded in the chroot environment, load them before chrooting. It may also be useful to initialize your swap (swapon /dev/sdxY) and to establish an internet connection before chrooting.

Mount the partitions

The root partition of the Linux system that you're trying to chroot into needs to be mounted first. To find out the device name assigned by the kernel, run:

# lsblk /dev/sda

You can also run the following to get an idea of your partition layout.

# fdisk -l

Now create a directory where you would like to mount the root partition and mount it:

# mkdir /mnt/arch
# mount /dev/sda3 /mnt/arch

Next, if you have separate partitions for other parts of your system (e.g. /boot, /home, /var, etc), you should mount them, as well:

# mount /dev/sda1 /mnt/arch/boot/
# mount /dev/sdb5 /mnt/arch/home/
# mount ...

While it's possible to mount filesystems after you've chrooted, it is more convenient to do so beforehand. The reasoning for this is that you'll have to unmount the temporary filesystems after you exit the chroot, so this lets you umount all the filesystems with a single command. This also allows for a safer shutdown. Because the external Linux environment knows all mounted partitions, it can safely unmount them during shutdown.

Change root

Mount the temporary filesystems:

Note: Using a newer (2012) Arch release, the following mount commands can be replaced with arch-chroot /mnt/arch, if the root partition was mounted in that location. Of course, you may still type these, if you want, or if you only have some other "live" Linux distribution.
# cd /mnt/arch
# mount -t proc proc proc/
# mount -t sysfs sys sys/
# mount -o bind /dev dev/
# mount -t devpts pts dev/pts/

If you established an internet connection and want to use it in the chroot environment, you may have to copy over your DNS servers so that you will be connected to the network:

# cp -L /etc/resolv.conf etc/resolv.conf

Now chroot into your installed system and define your shell:

# chroot . /bin/bash
Note: If you see the error chroot: cannot run command '/bin/bash': Exec format error, it is likely that the two architectures do not match.

Optionally, to source your Bash configuration (~/.bashrc and /etc/bash.bashrc), run:

# source ~/.bashrc
# source /etc/profile

Optionally, create a unique prompt to be able to differentiate your chroot environment:

# export PS1="(chroot) $PS1"

Run graphical chrooted applications

If you have X running on your system, you can start graphical applications from the chroot environment.

To allow the connection to your X server, you have to run the following from a terminal:

# xhost +

Then, to direct the applications to your X server, run:

# export DISPLAY=:0.0

Perform system maintenance

At this point you can perform whatever system maintenance you require inside the chroot environment. A few common examples are:

Exit the chroot environment

When you're finished with system maintenance, exit the chroot:

# exit

Then unmount the temporary filesystems and any mounted devices:

# umount {proc,sys,dev,boot,[...],}

Finally, attempt to unmount your root partition:

# cd ..
# umount arch/
Note: If you get an error saying that /mnt (or any other partition) is busy, this can mean one of two things:
  • A program was left running inside of the chroot.
  • Or, more frequently, a sub-mount still exists (e.g. /mnt/arch/boot within /mnt/arch). Check with lsblk to see if there are any mountpoints left:
lsblk /dev/sda
If you are still unable to unmount a partition, use the --force option:
# umount -f /mnt

After this, you will be able to safely reboot.

Example

This may protect your system from Internet attacks during browsing:

cd
mkdir myroot
sudo pacman -i arch-install-scripts
sudo mount --bind myroot myroot # pacstrap must see myroot as mounted 
sudo pacstrap -i myroot base base-devel
sudo mount -t proc proc myroot/proc/
sudo mount -t sysfs sys myroot/sys/
sudo mount -o bind /dev myroot/dev/
sudo mount -t devpts pts myroot/dev/pts/
sudo cp -i /etc/resolv.conf myroot/etc/
sudo chroot myroot
passwd # set a password 
useradd -m -s /bin/bash user
passwd user # set a password
# in a shell outside the chroot: 
sudo pacman -S xorg-server-xnest
Xnest -ac :1
# continue inside the chroot: 
pacman -S xterm
xterm
pacman -S xorg-server xorg-xinit xorg-server-utils
pacman -S openbox
pacman -S ttf-dejavu
pacman -S firefox
exit
sudo chroot --userspec=user myroot
DISPLAY=:1
openbox &
HOME="/home/user"
firefox

See also: Basic Chroot