2.12. Restricting Filesystem Access on Unix
Problem
You want to restrict your program’s ability to access important parts of the filesystem.
Solution
Unix systems provide a system call known as chroot( ) that will restrict the process’s access to the filesystem. Specifically, chroot( ) alters a process’s perception of the filesystem by changing its root directory, which effectively prevents the process from accessing any part of the filesystem above the new root directory.
Discussion
Normally, a process’s root directory is the actual system root directory, which allows the process to access any part of the filesystem. However, by using the chroot( ) system call, a process can alter its view of the filesystem by changing its root directory to another directory within the filesystem. Once the process’s root directory has been changed, it can only be made more restrictive. It is not possible to change the process’s root directory to another directory outside of its current view of the filesystem.

Using chroot( ) is a simple way to increase security for processes that do not require access to the filesystem outside of a directory or hierarchy of directories containing their data files. If an attacker is somehow able to compromise the program and gain access to the filesystem, the potential for damage (whether it is reading sensitive data or destroying data) is localized to the restricted directory hierarchy imposed by altering the process’s root directory.
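As an added example (not code from the book), the following C program applies the recipe and additionally moves the working directory inside the new root and gives up root privileges once the jail is in place; the jail path /var/empty, the uid/gid 65534 and the function names jail_check and jail_enter are illustrative assumptions.

```c
#define _DEFAULT_SOURCE 1   /* for setgroups() on glibc */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Refuse a jail directory that a non-root user could modify: if the jail
 * is writable, files the program later reads from inside it can be
 * replaced. Returns 0 if acceptable, -1 with errno set otherwise. */
int jail_check(const char *dir) {
    struct stat st;
    if (stat(dir, &st) == -1) return -1;
    if (!S_ISDIR(st.st_mode)) { errno = ENOTDIR; return -1; }
    if (st.st_uid != 0 || (st.st_mode & (S_IWGRP | S_IWOTH))) {
        errno = EACCES;  /* not root-owned, or group/world writable */
        return -1;
    }
    return 0;
}

/* Restrict the process to dir. chroot() needs root, so the caller starts as
 * root; the cwd is moved inside the new root and root is then given up,
 * otherwise the process could simply lift the restriction again.
 * Returns 0 on success, -1 with errno set on failure. */
int jail_enter(const char *dir, uid_t uid, gid_t gid) {
    if (jail_check(dir) == -1) return -1;
    if (chroot(dir) == -1) return -1;
    if (chdir("/") == -1) return -1;        /* cwd must not stay outside */
    if (setgroups(0, NULL) == -1) return -1; /* drop supplementary groups */
    if (setgid(gid) == -1 || setuid(uid) == -1) return -1;
    if (setuid(0) == 0) { errno = EPERM; return -1; } /* must not regain root */
    return 0;
}

int main(void) {
    /* "/var/empty" and uid/gid 65534 ("nobody") are illustrative values. */
    const char *jail = "/var/empty";
    if (jail_enter(jail, 65534, 65534) == -1) {
        fprintf(stderr, "jail_enter(%s): %s\n", jail, strerror(errno));
        return 1;
    }
    /* Inside the jail this path resolves under the new root, not the system's. */
    if (access("/etc/passwd", R_OK) == -1)
        printf("/etc/passwd is not visible from inside the jail\n");
    return 0;
}
```

Running this requires root (chroot( ) is a privileged call); jail_enter( ) reports failure with errno rather than continuing unrestricted.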
Unfortunately, one often overlooked ...