How to run a command in a chroot jail not as root and without sudo?

北海茫月 2020-12-07 22:56

I'm setting up a minimal chroot and want to avoid having sudo or su in it but still run my processes as non-root. This is a bit of a trick as running chroot requires root.

5 answers
  •  独厮守ぢ
    2020-12-07 23:56

    A custom chrooter isn't at all hard to write:

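    #define _BSD_SOURCE      /* exposes chroot() on older glibc */
    #define _DEFAULT_SOURCE  /* glibc 2.20+ deprecates _BSD_SOURCE in favour of this */
    #include <stdio.h>
    #include <unistd.h>
    const char newroot[]="/path/to/chroot";
    int main(int c, char **v, char **e) {
        int rc; const char *m;
        if (c < 2) {  /* need at least the program to run inside the jail */
            fputs("usage: chrooter program [args...]\n", stderr);
            return 2;
        }
        /* m tracks the call in flight so perror() names the one that failed */
        if ( (m="chdir" ,rc=chdir(newroot)) == 0      /* move into the jail first */
          && (m="chroot",rc=chroot(newroot)) == 0     /* needs root, hence setuid */
          && (m="setuid",rc=setuid(getuid())) == 0 )  /* drop root before exec */
                m="execve", execve(v[1],v+1,e);       /* v+1: argv[0] is the program */
        perror(m);
        return 1;
    }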
    

    Make that setuid root and owned by a custom group you add your favored user to (and no 'other' access).
