uchroot <directory> [program]
Uchroot is for letting users other than root run programs in a chroot'ed environment.
Why? Say you want to run a service from inetd and have it run in a chrooted environment (run chroot from inetd and run the service from chroot). Inetd runs as root, so any programs that are run from it start as root (things like ftpd and Apache in inetd mode know how to drop privileges under these conditions, but J. Random Program doesn't, necessarily). You don't want this program to run as root, since there's a Perl interpreter or C compiler in the chrooted environment, and given a Perl interpreter or C compiler, it's possible to escape from a chrooted jail. Okay, to get around that, we'll just put su in the chrooted environment and call su from chroot to su to the desired user...but now we've got an extra suid binary in the chrooted jail, which is something we want to avoid. Instead, let's put the su outside the chroot and run chroot from su rather than vice versa...but then chroot won't work because it needs root privileges. Catch 22.
Uchroot solves this problem. It is a small utility which is installed suid root which lets ordinary users chroot. It drops its privileges immediately after making the chroot(2) system call.
Uchroot should be safe, but I'm not a security expert (just a paranoid sysadmin), so I could be wrong (it is possible that I am inadequately paranoid). Please read the NO WARRANTY section of the License. If you do find a vulnerability in uchroot, I'd like to know.
Do not, under any circumstances, install uchroot inside a chrooted jail.
Only tested on Linux. Likely to work on other GNU systems, may work on other POSIX systems. If you want portability, you should probably hack on the chroot in the GNU shell utilities. This code is partly cribbed from there, anyway.
Uchroot is released under the GNU Public License. Please see the file COPYING for details. Uchroot is Free Software with NO WARRANTY.