Why is "chroot" never used on Mac OS X?

There are two main categories of uses for chroot (the Wikipedia article goes into more detail):

  • Isolate an application, providing it with a restricted view of the filesystem. This is commonly done for public FTP servers, for example, to make sure they won't be able to serve files outside the public area even if there's a bug in the server software. This use case is getting less and less common for two reasons. First, chroot doesn't provide much isolation: a vulnerability in the server could allow the attacker to do damage in many other ways than accessing files. Second, virtual machines, which do provide stronger isolation, have become a lot cheaper, and often are easier to set up, so they are the natural choice.
  • Run software in a different operating system with the same kernel but different libraries. For example, as suggested by David Cournapeau, if you're developing software, have a lot of extra stuff installed, and want to make sure your software doesn't depend on that extra stuff, you might test it in a chroot with only a minimal installation. Or (but I don't think that's very common for OSX systems) you might run a different OS release — for example I have a 64-bit Linux system which has a 32-bit distribution accessible with chroot, for those rare times when I need to run a 32-bit application that won't run directly on the main system.

Both kinds of use cases are rather specialized. Chroot is useless to most people; it's there because it's useful to some, and it's very cheap to implement.


I use chroot on Mac OS X to test some software, or to test packaging of projects I am involved with (e.g. to test installs on 10.4 while I am using 10.6).


How often do people want to open up their personal systems for others to access? Most of the time, chroot is geared towards servers with lots of different users. However, if you did indeed want to set up a local SFTP server for users to access your personal system, then you should definitely chroot it.

Maybe this post will start you off in the right direction:

http://hints.macworld.com/article.php?story=2004110314282345
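
For the chrooted SFTP setup suggested in the answer above, an added example that is not part of the original answer: assuming the server is OpenSSH with its `ChrootDirectory` option, sshd refuses the session unless every component of the chroot path is a root-owned directory that is not writable by group or others. The Python check below audits a path against that rule; the path `/var/sftp/alice`, uid 501 and the sample permission table are constructed for illustration.

```python
import os
import stat
from pathlib import Path
from types import SimpleNamespace

def component_problem(st_mode, st_uid):
    """Explain why one path component violates the rule, or return None."""
    if not stat.S_ISDIR(st_mode):
        return "not a directory"
    if st_uid != 0:
        return f"owned by uid {st_uid}, not root"
    if st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return "writable by group or others"
    return None

def audit_chroot_path(path, stat_fn=os.stat):
    """Check each component from / down to path; return [(component, problem)]."""
    target = Path(os.path.abspath(path))
    components = list(target.parents)[::-1] + [target]
    findings = []
    for comp in components:
        st = stat_fn(str(comp))
        problem = component_problem(st.st_mode, st.st_uid)
        if problem:
            findings.append((str(comp), problem))
    return findings

# Constructed sample metadata (not from a real system). It models two common
# mistakes: a group-writable parent and a jail root owned by the SFTP user.
SAMPLE = {
    "/": SimpleNamespace(st_mode=stat.S_IFDIR | 0o755, st_uid=0),
    "/var": SimpleNamespace(st_mode=stat.S_IFDIR | 0o755, st_uid=0),
    "/var/sftp": SimpleNamespace(st_mode=stat.S_IFDIR | 0o775, st_uid=0),
    "/var/sftp/alice": SimpleNamespace(st_mode=stat.S_IFDIR | 0o755, st_uid=501),
}

def audit_sample(path="/var/sftp/alice"):
    """Run the audit against the constructed table, not the live filesystem."""
    return audit_chroot_path(path, stat_fn=SAMPLE.__getitem__)

if __name__ == "__main__":
    for comp, problem in audit_sample():
        print(f"{comp}: {problem}")
```

Calling `audit_chroot_path()` with a real path and the default `stat_fn` checks the live filesystem; a directory the user may write to belongs below the root-owned jail directory, not at its top.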