You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2013/11/16 18:03:49 UTC
[Bug 55787] New: Chroot fails with "Cannot chroot when not started
as root" error
https://issues.apache.org/bugzilla/show_bug.cgi?id=55787
Bug ID: 55787
Summary: Chroot fails with "Cannot chroot when not started as
root" error
Product: Apache httpd-2
Version: 2.4.6
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Core
Assignee: bugs@httpd.apache.org
Reporter: gravatar@selvans.net
I have set my chroot directory as shown below.
ChrootDir /var/www
When started with the above chroot setting, apache2 exits with the following
error
[Sat Nov 16 10:20:54.241556 2013] [unixd:alert] [pid 12802] (2)No such file or
directory: AH02158: Cannot chroot when not started as root
NOTE: apache2 is started as 'root' user. It looks like the call to check
geteuid() is made after apache2 lowers its privilege to APACHE_RUN_USER?
I am not sure this is a bug or configuration issue. This directory (/var/www)
mentioned above was setup with everything needed for chroot'ed environment with
libapache2-mod-chroot and was working fine for many years running under apache
2.2. Recently, I upgraded to 2.4.6 and wanted to switch to apache2's native
Chroot since mod_chroot is no longer maintained and I am now stuck with the
above error.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 55787] Chroot fails with "Cannot chroot when not started as
root" error
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=55787
--- Comment #6 from Arul <gr...@selvans.net> ---
Very interesting.... I do see it loaded twice!, how do I get rid of one?
root@gorilla:/etc/apache2# apachectl -l -M
Compiled in modules:
core.c
mod_so.c
mod_watchdog.c
http_core.c
mod_log_config.c
mod_logio.c
mod_version.c
mod_unixd.c
mod_unixd.c
root@gorilla:/etc/apache2#
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 55787] Chroot fails with "Cannot chroot when not started as
root" error
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=55787
--- Comment #4 from Arul <gr...@selvans.net> ---
Created attachment 31050
--> https://issues.apache.org/bugzilla/attachment.cgi?id=31050&action=edit
minimal apache.conf
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 55787] Chroot fails with "Cannot chroot when not started as
root" error
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=55787
--- Comment #3 from Arul <gr...@selvans.net> ---
Created attachment 31049
--> https://issues.apache.org/bugzilla/attachment.cgi?id=31049&action=edit
error log
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 55787] Chroot fails with "Cannot chroot when not started as
root" error
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=55787
--- Comment #5 from Eric Covener <co...@gmail.com> ---
Pretty weird, the trace shows geteuid(), chdir(), chroot() which are all after
the message you say was issued (assuming it hasn't changed recently) but those
all follow the error.
It's almost like you have a 2nd copy of the mod_unixd code loaded.
can you add apachectl -l and -M output w/ the same conf from the strace?
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 55787] Chroot fails with "Cannot chroot when not started as
root" error
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=55787
Stefan Fritsch <sf...@sfritsch.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |FixedInTrunk
--- Comment #8 from Stefan Fritsch <sf...@sfritsch.de> ---
Trunk fix: r1542615 .
This will fixed in Debian in the next upload. If you use an already released
version of Ubuntu that includes 2.4, you need to file a bug report with Ubuntu.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 55787] Chroot fails with "Cannot chroot when not started as
root" error
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=55787
--- Comment #10 from Arul Selvan <gr...@selvans.net> ---
(In reply to Arul Selvan from comment #9)
> Yes, I am using the latest Ubuntu 13.10 that includes the 2.4.6 version.
>
> root@gorilla:~# apache2ctl -v
> Server version: Apache/2.4.6 (Ubuntu)
> Server built: Aug 9 2013 14:31:04
> root@gorilla:~# cat /etc/lsb-release
> DISTRIB_ID=Ubuntu
> DISTRIB_RELEASE=13.10
> DISTRIB_CODENAME=saucy
> DISTRIB_DESCRIPTION="Ubuntu 13.10"
>
> I will file a bug report w/ Ubuntu referencing this.
>
> Thank you for your help.
Bug report filed in Ubuntu:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1251939
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 55787] Chroot fails with "Cannot chroot when not started as
root" error
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=55787
Eric Covener <co...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |NEEDINFO
--- Comment #1 from Eric Covener <co...@gmail.com> ---
Dropping userid happens later in the same function. Also, works for me.
Can you demonstrate with a minimal configuration and include it w/ an strace -f
of startup?
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 55787] Chroot fails with "Cannot chroot when not started as
root" error
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=55787
--- Comment #9 from Arul Selvan <gr...@selvans.net> ---
Yes, I am using the latest Ubuntu 13.10 that includes the 2.4.6 version.
root@gorilla:~# apache2ctl -v
Server version: Apache/2.4.6 (Ubuntu)
Server built: Aug 9 2013 14:31:04
root@gorilla:~# cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=13.10
DISTRIB_CODENAME=saucy
DISTRIB_DESCRIPTION="Ubuntu 13.10"
I will file a bug report w/ Ubuntu referencing this.
Thank you for your help.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 55787] Chroot fails with "Cannot chroot when not started as
root" error
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=55787
Arul <gr...@selvans.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEEDINFO |NEW
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 55787] Chroot fails with "Cannot chroot when not started as
root" error
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=55787
--- Comment #7 from Eric Covener <co...@gmail.com> ---
(In reply to Arul from comment #6)
> Very interesting.... I do see it loaded twice!, how do I get rid of one?
>
> root@gorilla:/etc/apache2# apachectl -l -M
> mod_unixd.c
> mod_unixd.c
> root@gorilla:/etc/apache2#
That is an impressive bug. Can you open a bug against ubuntu/debian/wherever
the build comes from?
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 55787] Chroot fails with "Cannot chroot when not started as
root" error
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=55787
--- Comment #2 from Arul <gr...@selvans.net> ---
Created attachment 31048
--> https://issues.apache.org/bugzilla/attachment.cgi?id=31048&action=edit
strace output
Here you go...
root@gorilla:/etc/apache2# rm /var/log/apache2/error.log
root@gorilla:/etc/apache2# apachectl start >/tmp/apache2_strace.log 2>&1
I am attaching apache.conf and apache2.strace.log
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 55787] Chroot fails with "Cannot chroot when not started as
root" error
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=55787
Arul <gr...@selvans.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |gravatar@selvans.net
Severity|normal |major
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org