{"id":335,"date":"2019-04-12T21:01:25","date_gmt":"2019-04-12T21:01:25","guid":{"rendered":"https:\/\/bootstrap-it.com\/blog\/?p=335"},"modified":"2019-04-12T21:01:25","modified_gmt":"2019-04-12T21:01:25","slug":"chroot-the-magical-healing-powers-of-the-original-linux-virtualization-tool","status":"publish","type":"post","link":"https:\/\/bootstrap-it.com\/blog\/?p=335","title":{"rendered":"Chroot: the magical healing powers of the original Linux virtualization tool"},"content":{"rendered":"
<\/a><\/a><\/a><\/a><\/a><\/div>\n

This article, which also appears among my Medium articles<\/a>, is excerpted from chapters 6 and 9 of my <\/em>Manning book, Linux in Action<\/em><\/a>. Besides the book, you can also work through <\/em>Linux in Motion<\/em><\/a>\u200a\u2014\u200aa hybrid course made up of more than two hours of video and around 40% of the text of Linux in Action.<\/em><\/p>\n\n\n\n

You know that the passwords chosen by the people you support are probably not strong enough to protect your infrastructure against a serious attack. And even the few exceptions to the rule are probably being reused on multiple servers and accounts. You beg and nag, but it\u2019s a losing battle.<\/p>\n\n\n\n

But all is not entirely lost. The problem of keeping track of
sufficiently complex passwords can be largely solved by using a good
password vault like KeePass2 or LastPass. And the problem of overusing
passwords can be at least blunted by implementing a single sign-on
solution like Kerberos. Ok. Not like<\/em> Kerberos, but Kerberos<\/em>.<\/p>\n\n\n\n

Still, dumb mistakes are always going to happen.<\/p>\n\n\n\n

So what\u2019s bound to happen to the one or two users who care enough to dream up good, strong passwords for each server they access? Every now and then they\u2019ll forget a password, of course. That won\u2019t be a problem if there\u2019s another admin with sudo power who can log into the server and run passwd to create a new password for the user.<\/p>\n\n\n\n

$ sudo  passwd username
[sudo] password for yourname:
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully<\/pre>\n\n\n\n
But if your unlucky and forgetful user was the only admin with an account on that machine, you\u2019ve got trouble. Except that you don\u2019t. chroot<\/em>\u200a\u2014\u200athe grandfather of all Linux virtualization\u200a\u2014\u200ais going to save your day.<\/p>\n\n\n\n
Here\u2019s one way that it might work. Use a live-boot drive to power up the server that\u2019s got you locked out.<\/p>\n\n\n\n
\"\"\/
Steps for creating a Linux live boot USB<\/figcaption><\/figure>\n\n\n\n
Then open a terminal and run lsblk to determine the designation of your root partition on the server\u2019s hard disk, and mount the root partition to a temporary directory.<\/p>\n\n\n\n
# mkdir \/run\/mountdir\/
# mount \/dev\/sdb1 \/run\/mountdir\/<\/pre>\n\n\n\n
Then you whisper the magic words and you\u2019re in:<\/p>\n\n\n\n
# chroot \/run\/mountdir\/
root@ubuntu:\/#<\/pre>\n\n\n\n
That\u2019s all it takes. At this point, you\u2019re free to run commands as though you were working on a running version of the physical hard drive. Use passwd to give your admin a new password to replace the lost one and, after typing exit to shut down your chroot session, reboot the machine (without the live-boot USB). Everything should now be fine.<\/p>\n\n\n\n
To encrypt or not to encrypt<\/p><\/blockquote>\n\n\n\n
Encrypting the data on your storage drives using tools like ecryptfs or dm-crypt makes it a great deal less likely that your data will be compromised. But on the other hand, many rescue and recovery operations like the above chroot trick simply won\u2019t work on an encrypted volume.<\/p><\/blockquote>\n\n\n\n
Striking a balance between security and accessibility isn\u2019t an exact
science. Many admins, for instance, will leave local servers and desktop workstations unencrypted\u200a\u2014\u200abecause they\u2019re at least protected by locked office doors\u200a\u2014\u200abut insist that mobile devices be encrypted.<\/p><\/blockquote>\n\n\n\n
Recovering a locked VM<\/h4>\n\n\n\n
You can apply the magic of chroot to clean up all kinds messes. Locked out of a local server (or LXC container)? Feel free to open a chroot shell to disable or even reconfigure your firewall.<\/p>\n\n\n\n
Getting that done on a physical machine should be straightforward by now. But here\u2019s how it would work on an LXC container.<\/p>\n\n\n\n
First of all, stop the container and then run chroot against the rootfs directory
that\u2019s within the directory hierarchy used by your LXC container ( var\/lib\/lxc\/
your-container-name\/ ). The command prompt you\u2019ll get will allow you to execute commands as if the container was actually running. Now disable ufw or, if you prefer, run the necessary commands to fix the problem and then exit the chroot shell. When you start the container back up again, you should now have SSH access.<\/p>\n\n\n\n
# lxc-stop -n your-container-name
# chroot \/var\/lib\/lxc\/your-container-name\/rootfs\/
# ufw disable
# exit
# lxc-start -d -n your-container-name<\/pre>\n\n\n\n
This article is excerpted from my <\/em>Manning \u201cLinux in Action\u201d book<\/em><\/a>. There\u2019s lots more fun <\/em>where this came from<\/em><\/a>, including a hybrid course called <\/em>Linux in Motion<\/em><\/a>that\u2019s made up of more than two hours of video and around 40% of the text of Linux in Action. Who knows\u2026you might also enjoy my recently published <\/em>Learn Amazon Web Services in a Month of Lunches<\/em><\/a>.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"
This article, which also appears among my Medium articles, is excerpted from chapters 6 and 9 of my Manning book, Linux in Action. Besides the book, you can also work through Linux in Motion\u200a\u2014\u200aa hybrid course made up of more than… Continue Reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":336,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-335","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"yoast_head":"\nChroot: the magical healing powers of the original Linux virtualization tool - Bootstrap IT<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/bootstrap-it.com\/blog\/?p=335\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Chroot: the magical healing powers of the original Linux virtualization tool - Bootstrap IT\" \/>\n<meta property=\"og:description\" content=\"This article, which also appears among my Medium articles, is excerpted from chapters 6 and 9 of my Manning book, Linux in Action. Besides the book, you can also work through Linux in Motion\u200a\u2014\u200aa hybrid course made up of more than… Continue Reading →\" \/>\n<meta property=\"og:url\" content=\"https:\/\/bootstrap-it.com\/blog\/?p=335\" \/>\n<meta property=\"og:site_name\" content=\"Bootstrap IT\" \/>\n<meta property=\"article:published_time\" content=\"2019-04-12T21:01:25+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/bootstrap-it.com\/blog\/wp-content\/uploads\/chroot-linux.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1502\" \/>\n\t<meta property=\"og:image:height\" content=\"901\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"dbclin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@davidbclinton\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"dbclin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/bootstrap-it.com\/blog\/?p=335\",\"url\":\"https:\/\/bootstrap-it.com\/blog\/?p=335\",\"name\":\"Chroot: the magical healing powers of the original Linux virtualization tool - Bootstrap IT\",\"isPartOf\":{\"@id\":\"https:\/\/bootstrap-it.com\/blog\/#website\"},\"datePublished\":\"2019-04-12T21:01:25+00:00\",\"dateModified\":\"2019-04-12T21:01:25+00:00\",\"author\":{\"@id\":\"https:\/\/bootstrap-it.com\/blog\/#\/schema\/person\/ae0fb1d5b3b01558b92b6426d77766ec\"},\"breadcrumb\":{\"@id\":\"https:\/\/bootstrap-it.com\/blog\/?p=335#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/bootstrap-it.com\/blog\/?p=335\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/bootstrap-it.com\/blog\/?p=335#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/bootstrap-it.com\/blog\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Chroot: the magical healing powers of the original Linux virtualization tool\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/bootstrap-it.com\/blog\/#website\",\"url\":\"https:\/\/bootstrap-it.com\/blog\/\",\"name\":\"Bootstrap IT\",\"description\":\"Learn technology using technology\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/bootstrap-it.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/bootstrap-it.com\/blog\/#\/schema\/person\/ae0fb1d5b3b01558b92b6426d77766ec\",\"name\":\"dbclin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/bootstrap-it.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/a93785d437350478a7f1dfcbec58d26bc28e0124e405179acbe1b4325c09f90a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/a93785d437350478a7f1dfcbec58d26bc28e0124e405179acbe1b4325c09f90a?s=96&d=mm&r=g\",\"caption\":\"dbclin\"},\"sameAs\":[\"http:\/\/bootstrap-it.com\/\",\"dbclinton\",\"https:\/\/twitter.com\/davidbclinton\"],\"url\":\"https:\/\/bootstrap-it.com\/blog\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Chroot: the magical healing powers of the original Linux virtualization tool - Bootstrap IT","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/bootstrap-it.com\/blog\/?p=335","og_locale":"en_US","og_type":"article","og_title":"Chroot: the magical healing powers of the original Linux virtualization tool - Bootstrap IT","og_description":"This article, which also appears among my Medium articles, is excerpted from chapters 6 and 9 of my Manning book, Linux in Action. Besides the book, you can also work through Linux in Motion\u200a\u2014\u200aa hybrid course made up of more than… Continue Reading →","og_url":"https:\/\/bootstrap-it.com\/blog\/?p=335","og_site_name":"Bootstrap IT","article_published_time":"2019-04-12T21:01:25+00:00","og_image":[{"width":1502,"height":901,"url":"https:\/\/bootstrap-it.com\/blog\/wp-content\/uploads\/chroot-linux.png","type":"image\/png"}],"author":"dbclin","twitter_card":"summary_large_image","twitter_creator":"@davidbclinton","twitter_misc":{"Written by":"dbclin","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/bootstrap-it.com\/blog\/?p=335","url":"https:\/\/bootstrap-it.com\/blog\/?p=335","name":"Chroot: the magical healing powers of the original Linux virtualization tool - Bootstrap IT","isPartOf":{"@id":"https:\/\/bootstrap-it.com\/blog\/#website"},"datePublished":"2019-04-12T21:01:25+00:00","dateModified":"2019-04-12T21:01:25+00:00","author":{"@id":"https:\/\/bootstrap-it.com\/blog\/#\/schema\/person\/ae0fb1d5b3b01558b92b6426d77766ec"},"breadcrumb":{"@id":"https:\/\/bootstrap-it.com\/blog\/?p=335#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/bootstrap-it.com\/blog\/?p=335"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/bootstrap-it.com\/blog\/?p=335#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/bootstrap-it.com\/blog"},{"@type":"ListItem","position":2,"name":"Chroot: the magical healing powers of the original Linux virtualization tool"}]},{"@type":"WebSite","@id":"https:\/\/bootstrap-it.com\/blog\/#website","url":"https:\/\/bootstrap-it.com\/blog\/","name":"Bootstrap IT","description":"Learn technology using technology","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/bootstrap-it.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/bootstrap-it.com\/blog\/#\/schema\/person\/ae0fb1d5b3b01558b92b6426d77766ec","name":"dbclin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/bootstrap-it.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/a93785d437350478a7f1dfcbec58d26bc28e0124e405179acbe1b4325c09f90a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a93785d437350478a7f1dfcbec58d26bc28e0124e405179acbe1b4325c09f90a?s=96&d=mm&r=g","caption":"dbclin"},"sameAs":["http:\/\/bootstrap-it.com\/","dbclinton","https:\/\/twitter.com\/davidbclinton"],"url":"https:\/\/bootstrap-it.com\/blog\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/bootstrap-it.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/335","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bootstrap-it.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bootstrap-it.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bootstrap-it.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bootstrap-it.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=335"}],"version-history":[{"count":1,"href":"https:\/\/bootstrap-it.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/335\/revisions"}],"predecessor-version":[{"id":337,"href":"https:\/\/bootstrap-it.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/335\/revisions\/337"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bootstrap-it.com\/blog\/index.php?rest_route=\/wp\/v2\/media\/336"}],"wp:attachment":[{"href":"https:\/\/bootstrap-it.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=335"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bootstrap-it.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=335"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bootstrap-it.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=335"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}