* modules/arch/unix/mod_unixd.ci (ap_unixd_setup_child):

  Do not test euid=0 before going chroot

Nowaday chroot need CAP_SYS_CHROOT capability in its user namespace, and could
work without root.

Will allow to use chroot with lesser permission.

Submitted by: Bastien Roucariès <rouca debian.org>
PR: 69767
Github: closes #549

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1927804 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/changes-entries/pr69767.txt b/changes-entries/pr69767.txt
new file mode 100644 (file)
index 0000000..de02414
--- /dev/null
+++ b/changes-entries/pr69767.txt
@@ -0,0 +1,3 @@
+  *) mod_unixd: Drop test that effective user ID is zero in
+     a chroot configuration.  PR 69767.
+     [Bastien Roucaries <rouca debian.org>]

diff --git a/modules/arch/unix/mod_unixd.c b/modules/arch/unix/mod_unixd.c
index 4ce279856f944301389d5f1956d6b49876d456cc..7a996aabe21b41fd40ba34387539b020b3c60110 100644 (file)
--- a/modules/arch/unix/mod_unixd.c
+++ b/modules/arch/unix/mod_unixd.c
@@ -152,12 +152,6 @@ AP_DECLARE(int) ap_unixd_setup_child(void)
     }
 
     if (NULL != ap_unixd_config.chroot_dir) {
-        if (geteuid()) {
-            ap_log_error(APLOG_MARK, APLOG_ALERT, 0, NULL, APLOGNO(02158)
-                         "Cannot chroot when not started as root");
-            return EPERM;
-        }
-
         if (chdir(ap_unixd_config.chroot_dir) != 0) {
             rv = errno;
             ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, APLOGNO(02159)