From 5c9c78d7859f6a45e8267f7017313002316c3257 Mon Sep 17 00:00:00 2001
From: Joe Orton
Date: Fri, 15 Aug 2025 07:38:26 +0000
Subject: [PATCH] * modules/arch/unix/mod_unixd.ci (ap_unixd_setup_child): Do not test euid=0 before going chroot
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
Nowaday chroot need CAP_SYS_CHROOT capability in its user namespace, and could work without root. Will allow to use chroot with lesser permission.
Submitted by: Bastien Roucariès
PR: 69767
Github: closes #549
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1927804 13f79535-47bb-0310-9956-ffa450edef68
---
 changes-entries/pr69767.txt | 3 +++
 modules/arch/unix/mod_unixd.c | 6 ------
 2 files changed, 3 insertions(+), 6 deletions(-)
 create mode 100644 changes-entries/pr69767.txt
diff --git a/changes-entries/pr69767.txt b/changes-entries/pr69767.txt
new file mode 100644
index 00000000000..de02414769e
--- /dev/null
+++ b/changes-entries/pr69767.txt
@@ -0,0 +1,3 @@
+ *) mod_unixd: Drop test that effective user ID is zero in
+ a chroot configuration. PR 69767.
+ [Bastien Roucaries ]
diff --git a/modules/arch/unix/mod_unixd.c b/modules/arch/unix/mod_unixd.c
index 4ce279856f9..7a996aabe21 100644
--- a/modules/arch/unix/mod_unixd.c
+++ b/modules/arch/unix/mod_unixd.c
@@ -152,12 +152,6 @@ AP_DECLARE(int) ap_unixd_setup_child(void)
 }
 if (NULL != ap_unixd_config.chroot_dir) {
- if (geteuid()) {
- ap_log_error(APLOG_MARK, APLOG_ALERT, 0, NULL, APLOGNO(02158)
- "Cannot chroot when not started as root");
- return EPERM;
- }
-
-
 if (chdir(ap_unixd_config.chroot_dir) != 0) {
 rv = errno;
 ap_log_error(APLOG_MARK, APLOG_ALERT, errno, NULL, APLOGNO(02159)
--
2.47.3
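Review bot: Nothing in the `if (NULL != ap_unixd_config.chroot_dir)` block of modules/arch/unix/mod_unixd.c records that, with the geteuid() guard removed, the privilege check is left to the kernel and the process may still hold CAP_SYS_CHROOT after the chroot. A worker that keeps that capability is only weakly confined by the chroot, so it should be dropped once the chroot is done when the server was not started as root; whether a later step already does so cannot be seen here, because ap_unixd_setup_child continues outside the hunk. At minimum I would add a comment above the chdir() call, `/* No euid test: chroot(2) fails with EPERM without CAP_SYS_CHROOT; drop that capability afterwards when not running as root. */`.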