From: Joe Orton <jorton@apache.org>
Date: Fri, 15 Aug 2025 07:38:26 +0000 (+0000)
Subject: * modules/arch/unix/mod_unixd.ci (ap_unixd_setup_child):
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5c9c78d7859f6a45e8267f7017313002316c3257;p=thirdparty%2Fapache%2Fhttpd.git

* modules/arch/unix/mod_unixd.ci (ap_unixd_setup_child):
  Do not test euid=0 before going chroot

Nowaday chroot need CAP_SYS_CHROOT capability in its user namespace, and could
work without root.

Will allow to use chroot with lesser permission.

Submitted by: Bastien Roucariès <rouca debian.org>
PR: 69767
Github: closes #549


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1927804 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/changes-entries/pr69767.txt b/changes-entries/pr69767.txt
new file mode 100644
index 00000000000..de02414769e
--- /dev/null
+++ b/changes-entries/pr69767.txt
@@ -0,0 +1,3 @@
+  *) mod_unixd: Drop test that effective user ID is zero in
+     a chroot configuration.  PR 69767.
+     [Bastien Roucaries <rouca debian.org>]
diff --git a/modules/arch/unix/mod_unixd.c b/modules/arch/unix/mod_unixd.c
index 4ce279856f9..7a996aabe21 100644
--- a/modules/arch/unix/mod_unixd.c
+++ b/modules/arch/unix/mod_unixd.c
@@ -152,12 +152,6 @@ AP_DECLARE(int) ap_unixd_setup_child(void)
     }
 
     if (NULL != ap_unixd_config.chroot_dir) {
-        if (geteuid()) {
-            ap_log_error(APLOG_MARK, APLOG_ALERT, 0, NULL, APLOGNO(02158)
-                         "Cannot chroot when not started as root");
-            return EPERM;
-        }
-
         if (chdir(ap_unixd_config.chroot_dir) != 0) {
             rv = errno;
             ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, APLOGNO(02159)