* modules/arch/unix/mod_unixd.ci (ap_unixd_setup_child):

notroj · notroj · commit 5c9c78d7859f · 2025-08-15T07:38:26.000Z
Do not test euid=0 before going chroot Nowaday chroot need CAP_SYS_CHROOT capability in its user namespace, and could work without root. Will allow to use chroot with lesser permission. Submitted by: Bastien Roucariès <rouca debian.org> PR: 69767 Github: closes #549 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1927804 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/changes-entries/pr69767.txt b/changes-entries/pr69767.txt
@@ -0,0 +1,3 @@
+  *) mod_unixd: Drop test that effective user ID is zero in
+     a chroot configuration.  PR 69767.
+     [Bastien Roucaries <rouca debian.org>]
diff --git a/modules/arch/unix/mod_unixd.c b/modules/arch/unix/mod_unixd.c
@@ -152,12 +152,6 @@ AP_DECLARE(int) ap_unixd_setup_child(void)
     }
 
     if (NULL != ap_unixd_config.chroot_dir) {
-        if (geteuid()) {
-            ap_log_error(APLOG_MARK, APLOG_ALERT, 0, NULL, APLOGNO(02158)
-                         "Cannot chroot when not started as root");
-            return EPERM;
-        }
-
         if (chdir(ap_unixd_config.chroot_dir) != 0) {
             rv = errno;
             ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, APLOGNO(02159)

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+ *) mod_unixd: Drop test that effective user ID is zero in`
	`2`	`+ a chroot configuration. PR 69767.`
	`3`	`+ [Bastien Roucaries <rouca debian.org>]`