Using chroot to build a Linux sandbox

Because an external website is hosted in the IDC, IDC permissions are generally not given out. Previously, an FTP account was created for a user whose login shell was /bin/nologin. Now we want to go a step further: the user can ssh into this directory and use git commands for code management, but has no permissions on other directories or on the system. I knew about the chroot command before, and today I used it. For example:

    chroot /home/chroot /bin/bash

Note that if "No such file or directory" is displayed, it means /bin/bash, or a file it needs (such as a .so file), cannot be found inside the chroot. The solution is to copy all the required directories (use ldd /bin/bash to view them).
The chroot directory must be owned by root; it is equivalent to a sandboxed copy of the system directories. I have seen many different Linux distributions (CentOS, Red Hat, Slackware). My specific practice is as follows:

    sudo mkdir /home/chroot
    cd /home/chroot
    sudo cp /bin . -rf
    sudo cp /lib . -rf
    sudo cp /lib64 . -rf
    sudo cp /usr . -rf
    sudo cp /sbin . -rf
    sudo cp /etc . -rf
    sudo mkdir ./dev
    sudo mkdir ./proc
    sudo mount --bind /dev ./dev
    sudo mount --bind /proc ./proc
    chroot /home/chroot /bin/bash

Now you need to add a user under /home/chroot/, with home directory home/hopkins and login shell /bin/bash. After the user is added, it appears in /etc/passwd as follows:

    hopkinsadmin:x:1004:1004::/home/hopkinsadmin:/bin/bash

Modify /etc/ssh/sshd_config and add:

    Match User hopkinsadmin
    ChrootDirectory /home/chroot/

Restart sshd:

    sudo service ssh restart

That is now enough for ssh login. Great.
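The ldd step and the root-ownership requirement above, as an added shell example that is not part of the original post: rather than copying whole system directories (including /etc) into the chroot, it copies one binary with exactly the libraries ldd reports for it, then checks the ownership rule sshd enforces on ChrootDirectory. The function names and the sample ldd output are constructed for illustration; stat -c assumes GNU coreutils or BusyBox.

```sh
#!/bin/sh
# Added example, not code from the original post.

# Constructed sample of ldd output, used to show what the parser keeps.
sample_ldd() {
    printf '\tlinux-vdso.so.1 (0x00007ffc1a5f2000)\n'
    printf '\tlibc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f3b2c000000)\n'
    printf '\t/lib64/ld-linux-x86-64.so.2 (0x00007f3b2c400000)\n'
    printf '\tlibmissing.so.1 => not found\n'
}

# Read ldd output on stdin; print each on-disk library path once.
# linux-vdso (no file on disk) and "not found" lines are dropped.
ldd_paths() {
    sed -n 's|^[^/]*\(/[^ ]*\) (0x[0-9a-f]*)$|\1|p' | LC_ALL=C sort -u
}

# Copy binary $2 plus the libraries ldd lists for it into chroot $1,
# keeping absolute paths so the dynamic loader finds them after chroot.
copy_with_libs() {
    root=$1
    for f in "$2" $(ldd "$2" 2>/dev/null | ldd_paths); do
        mkdir -p "$root$(dirname "$f")" && cp -L "$f" "$root$f" || return 1
    done
}

# sshd rejects a ChrootDirectory unless every component of the path is
# root-owned and not writable by group or others. Walk up to / and check.
check_chroot_path() {
    p=$(cd "$1" && pwd -P) || return 1
    while :; do
        [ "$(stat -c %u "$p")" = 0 ] || { echo "$p: not owned by root"; return 1; }
        case $(stat -c %a "$p") in
            *[2367]?|*[2367]) echo "$p: writable by group or others"; return 1 ;;
        esac
        [ "$p" = / ] && return 0
        p=$(dirname "$p")
    done
}
```

Run as root, for example `copy_with_libs /home/chroot /bin/bash` followed by `check_chroot_path /home/chroot`; a non-zero exit from the check names the path component sshd would refuse.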