Chroot fails with "Cannot chroot when not started as root" error
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Apache2 Web Server | Fix Released | High | |
apache2 (Ubuntu) | Fix Released | Medium | Unassigned |
Saucy | Fix Released | Medium | Unassigned |
Bug Description
[Impact]
The Apache ChrootDir directive doesn't work, causing Apache to fail if you try to use it. This means that it is not possible to run Apache in a chroot, which is a regression from 13.04.
[Development Fix]
Adjust build system to not use things inside .pc/. This also requires the regeneration of debian/
[Stable Fix]
Same as development fix.
[Test Case]
In included dep8 test. Install dpkg-dev and wget, then run "sh debian/
[Regression Potential]
Having to adjust the build system is not ideal, and could impact anything. But what was being done before is obviously flawed, and could introduce other problems not yet reported.
On balance, I think it is worth the SRU, since the unknowns also include other bugs that we don't know about.
It might be worth mandating additional verification here, though, or a longer than normal aging period.
I will leave the SRU team to decide.
[Original Description]
I have set my chroot directory as shown below.
ChrootDir /var/www
When started with the above chroot setting, apache2 exits with the following error
[Sat Nov 16 13:52:40.621872 2013] [unixd:alert] [pid 3747] (34)Numerical result out of range: AH02158: Cannot chroot when not started as root
NOTE: apache2 is started as 'root' user. This was reported as a bug in apache.org earlier (link below) where it was confirmed this is fixed in a trunk.
https:/
Details of my Ubuntu server:
-------
root@gorilla:~# cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_
DISTRIB_
DISTRIB_
root@gorilla:~# apache2ctl -v
Server version: Apache/2.4.6 (Ubuntu)
Server built: Aug 9 2013 14:31:04
root@gorilla:~# apache2ctl -l -M
Compiled in modules:
core.c
mod_so.c
mod_watchdog.c
http_core.c
mod_log_config.c
mod_logio.c
mod_version.c
mod_unixd.c
mod_unixd.c
description: updated
tags: added: verification-done removed: verification-needed
Changed in apache2:
importance: Unknown → High
status: Unknown → Fix Released
I have set my chroot directory as shown below.
ChrootDir /var/www
When started with the above chroot setting, apache2 exits with the following error
[Sat Nov 16 10:20:54.241556 2013] [unixd:alert] [pid 12802] (2)No such file or directory: AH02158: Cannot chroot when not started as root
NOTE: apache2 is started as 'root' user. It looks like the call to check geteuid() is made after apache2 lowers its privilege to APACHE_RUN_USER?
I am not sure whether this is a bug or a configuration issue. This directory (/var/www) mentioned above was set up with everything needed for a chroot'ed environment with libapache2-mod-chroot and was working fine for many years running under apache 2.2. Recently, I upgraded to 2.4.6 and wanted to switch to apache2's native Chroot since mod_chroot is no longer maintained, and I am now stuck with the above error.
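Added example (not part of the report and not Apache's code): a small C program illustrating the ordering question raised above, where a geteuid() guard in front of chroot() passes only if it runs before privileges are dropped. The function names, the directory "/" and the uid/gid 65534 are constructed for the illustration.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Drop to an unprivileged identity; returns 0 or an errno value. */
static int drop_privileges(uid_t uid, gid_t gid)
{
    if (setgroups(0, NULL) != 0) return errno;  /* clear supplementary groups */
    if (setgid(gid) != 0) return errno;         /* group first, while still root */
    if (setuid(uid) != 0) return errno;
    return 0;
}

/* Enter the jail; refuses up front when the effective uid is not 0. */
static int enter_chroot(const char *dir)
{
    if (geteuid() != 0) return EPERM;   /* geteuid() itself never sets errno */
    if (chroot(dir) != 0) return errno;
    if (chdir("/") != 0) return errno;  /* do not keep a cwd outside the jail */
    return 0;
}

/* Run both steps in a forked child; returns 0, the failing step's errno, or -1. */
int run_sequence(int drop_first, const char *dir, uid_t uid, gid_t gid)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        int rc = drop_first ? drop_privileges(uid, gid) : enter_chroot(dir);
        if (rc == 0)
            rc = drop_first ? enter_chroot(dir) : drop_privileges(uid, gid);
        _exit(rc & 0xff);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* "/" and 65534 are constructed sample values, not taken from the report. */
    printf("chroot then drop: %s\n", strerror(run_sequence(0, "/", 65534, 65534)));
    printf("drop then chroot: %s\n", strerror(run_sequence(1, "/", 65534, 65534)));
    return 0;
}
```

Run as root, the first order is the one that can succeed; the second always stops at the geteuid() guard or earlier, whatever the caller's starting identity.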