stands for change root. It basically redefines the operational environment
for an application, more precisely it redefines the “root” directory for
an application. By definition, the root directory is the starting point
of access on the navigation tree; when you change the root of an application,
you make the directory of that application the starting point of access;
this precludes view or access to system-wide files.
For example, consider the file sample.htm
located in the root (/) directory, /sample.htm.
When located at the root, this file becomes a global file accessible to
anybody who has root privileges.
If you change the root of this file to the relevant site’s
home directory (for example, /var/www/html/),
then the file acquires a new root environment, which is, /var/www/html/sample.htm,
so only people with access rights to the site can view or use the
Since files are locked into a secure area of the operational
environment and denied access to global files it is also in non-technical
terminology said to be "jailed".
Changing the root of a directory or application requires
that all files served and used by the directory or files in the application
reside in the new root environment of the application, without which they
Changing the root of a directory or application secures it
from unauthorized access by isolating it from other users on the system.
When you change the root of an directory or application, other users on
the system can not view or access the directory or application resources.
Thus, users are limited in the commands
or exploits they can carry out on the files.
Changing the root of a directory or application enhances
security but thwarts optimal use of resources by posing resource sharing
constraints. For example, changing the root of CGI scripts mandates that
you copy the libraries and configuration files necessary for running CGI
scripts into the new root directory.
Site Administrator's Help
Published April 16, 2004