11

I've been using Macs for 25 years, and "UNIX" since OS X 10.0... but I've never really thought much about chroot, nor have I ever really needed or wanted to...

It's a simple question, but... under what circumstances would one opt to use "chroot" on a Mac? It is indeed a built-in function from the BSD days, but I've never heard of it being used... Is the functionality part of another command-line or system-level tool that obviates the need to chroot? If so, what is the equivalent function? If not, why does it seem to never be used, referenced, or needed?

mralexgray

4 Answers

14

There are two main categories of uses for chroot (the Wikipedia article goes into more detail):

  • Isolate an application, providing it with a restricted view of the filesystem. This is commonly done for public FTP servers, for example, to make sure they won't be able to serve files outside the public area even if there's a bug in the server software. This use case is getting less and less common for two reasons. First, chroot doesn't provide much isolation: a vulnerability in the server could allow the attacker to do damage in many other ways than accessing files. Second, virtual machines, which do provide stronger isolation, have become a lot cheaper, and often are easier to set up, so they are the natural choice.
  • Run software in a different operating system with the same kernel but different libraries. For example, as suggested by David Cournapeau, if you're developing software, have a lot of extra stuff installed, and want to make sure your software doesn't depend on that extra stuff, you might test it in a chroot with only a minimal installation. Or (but I don't think that's very common for OSX systems) you might run a different OS release — for example I have a 64-bit Linux system which has a 32-bit distribution accessible with chroot, for those rare times when I need to run a 32-bit application that won't run directly on the main system.

Both kinds of use cases are rather specialized. Chroot is useless to most people; it's there because it's useful to some, and it's very cheap to implement.
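An added example, not part of the answer above: the isolation use case written as a small C launcher, showing the steps that make a chroot confine anything at all (change directory into the jail, then give up root, since a process that keeps root can leave a chroot). The function names, the uid/gid arguments and the rule that the jail directory must be root-owned and not group- or world-writable are this example's own assumptions.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* expose chroot()/setgroups() on glibc */
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* 1 if path is a real directory, owned by root and not writable by group or
 * others; 0 otherwise. This policy is an assumption of the example. */
int jail_dir_is_safe(const char *path) {
    struct stat st;
    if (lstat(path, &st) != 0) return 0;            /* missing or unreadable */
    if (!S_ISDIR(st.st_mode)) return 0;             /* symlink, file, device */
    if (st.st_uid != 0) return 0;                   /* occupant could own it */
    if (st.st_mode & (S_IWGRP | S_IWOTH)) return 0; /* others could rewrite it */
    return 1;
}

/* Confine the calling process to path, then drop to uid/gid.
 * Returns 0 on success, -1 with errno set on failure. Must start as root. */
int enter_jail(const char *path, uid_t uid, gid_t gid) {
    if (uid == 0 || gid == 0) { errno = EINVAL; return -1; }  /* never stay root */
    if (!jail_dir_is_safe(path)) { errno = EACCES; return -1; }
    if (chroot(path) != 0) return -1;         /* fails with EPERM unless root */
    if (chdir("/") != 0) return -1;           /* cwd must be inside the new root */
    if (setgroups(1, &gid) != 0) return -1;   /* drop supplementary groups */
    if (setgid(gid) != 0) return -1;          /* group first, while still root */
    if (setuid(uid) != 0) return -1;          /* last step, cannot be undone */
    if (setuid(0) == 0) { errno = EPERM; return -1; }  /* root must be gone */
    return 0;
}

int main(int argc, char **argv) {
    if (argc < 5) { fprintf(stderr, "usage: jail DIR UID GID PROG [ARGS]\n"); return 2; }
    uid_t uid = (uid_t)strtoul(argv[2], NULL, 10);
    gid_t gid = (gid_t)strtoul(argv[3], NULL, 10);
    if (enter_jail(argv[1], uid, gid) != 0) { perror("enter_jail"); return 1; }
    execv(argv[4], &argv[4]);                 /* PROG is resolved inside the jail */
    perror("execv");
    return 1;
}
```

Even when every step succeeds, only the filesystem view is restricted: the jailed program still shares the kernel, network and process table with the host, which is the limitation the answer describes.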

7

I use chroot on Mac OS X to test some software, or to test packaging of projects I am involved with (to e.g. test installs on 10.4 while I am using 10.6).

David Cournapeau

2

How often do people want to open up their personal systems for others to access? Most of the time, chroot is geared towards servers with lots of different users. However, if you wanted to indeed set up a local SFTP server for users to access your personal system, then you should definitely chroot it.

Maybe this post will start you off in the right direction:

http://hints.macworld.com/article.php?story=2004110314282345

Matt Beckman

0

One of the common use cases is to build software or even a full OS. For the same reasons, you may need to control or limit the visible libraries and frameworks and apps and resources.

uchuugaka