Using chroot in NetBSD

Let's go through the steps to create a working chroot, testing at each step. Suppose we want to run the program hello in the chroot directory. First, create the directory we are going to use as the alternate root and copy the program:

    mkdir /usr/ftp
    mkdir /usr/ftp/bin
    cp hello /usr/ftp/bin

Now try the chroot command:

    chroot /usr/ftp hello
    Hello,world

This worked only because hello was statically linked; it didn't require any libraries.

If chroot is given only one argument, it tries to run the default shell. We can provide the shell:

    cp /bin/sh /usr/ftp/bin
    mkdir /usr/ftp/etc
    cp /etc/shells /usr/ftp/etc

and try chroot again:

    chroot /usr/ftp
    /bin/sh not found

Since sh is manifestly in the right place, what is the problem? sh is dynamically linked and requires libraries. The error message is only there to mislead you. We can find the required libraries with:

    ldd /bin/sh

Now copy those libraries to the alternate root:

    mkdir /usr/ftp/lib
    cp

and test chroot again:

    $ chroot /usr/ftp
    $ ls
    etc bin lib

This

Running tnftpd with chroot

Compile and install tnftpd:

    cd /usr/pkgsrc/network/tnftpd
    make
    make install

Modify inetd.conf so that the ftpd executable is given as /usr/pkg/bin/ftpd rather than as /bin/ftpd.

In /usr/pkg/etc, modify ftpd.conf according to the documentation. At the very least you have to add a chroot command, possibly with arguments. If you will be using other ftp configuration files, such as ftpusers, the relevant ones will live in this directory, not in the alternate root.

    cp /etc/passwd /usr/ftp/passw

Daniel Feenberg
NBER
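For the step in the first section that runs ldd /bin/sh and then copies the libraries into the alternate root, here is an added example (not part of the original page) that does the copy mechanically and reports any library it cannot find. The function names and the sample ldd output are constructed for illustration, and the script assumes ldd prints each dependency as "name => /absolute/path".

```sh
#!/bin/sh
# Added example: copy the shared libraries a program needs into a chroot
# tree, at the same paths they have on the real root.

# Constructed sample of ldd output, used only to show what ldd_paths extracts.
SAMPLE_LDD='/bin/sh:
    -ledit.3 => /lib/libedit.so.3
    -lterminfo.2 => /lib/libterminfo.so.2
    -lc.12 => /lib/libc.so.12'

# Read ldd output on stdin; print each resolved library path once.
# Lines without "=> /path" (such as the "/bin/sh:" header) are ignored,
# and anything after the path (for example a load address) is dropped.
ldd_paths() {
    sed -n 's|^.*=>[[:space:]]*\(/[^[:space:]]*\).*$|\1|p' | LC_ALL=C sort -u
}

# Read library paths on stdin and copy each one to the same location under
# the alternate root given as $1. Returns non-zero if any file is missing
# or cannot be copied, so an incomplete chroot is noticed before testing it.
copy_into_root() {
    newroot=$1
    rc=0
    while IFS= read -r lib; do
        if [ ! -f "$lib" ]; then
            echo "missing: $lib" >&2
            rc=1
            continue
        fi
        mkdir -p "$newroot$(dirname "$lib")" &&
            cp -p "$lib" "$newroot$lib" || rc=1
    done
    return $rc
}

# Copy every library ldd reports for program $1 into alternate root $2.
# The program itself is copied separately, as in the steps above.
populate_chroot() {
    ldd "$1" | ldd_paths | copy_into_root "$2"
}

# Usage, matching the page's layout:
#   populate_chroot /bin/sh /usr/ftp
```

Because the libraries keep their original paths under the new root, the dynamically linked program finds them where it expects once chroot has changed the root directory.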