LimitUIDRange affects User but mod_unixd does not stop on failure
The LimitUIDRange
directive also affects the mod_unixd, which attempts to switch (setuid
) to the user specified in the User
directive.
If mod_unixd fails, it prints a notice but processing continues with the original user, usually root.
The module continues to drop capabilities, so this is not terrible, however, generally mod_unixd should stop processing or the failure must otherwise be detected. Apparently, this is a workaround if HTTPd is started as a non-root user already, see mod_unixd User directive.
[Fri Jul 09 15:44:28.600424 2021] [unixd:alert] [pid 11] (1)Operation not permitted: AH02156: setgid: unable to set group id to Group 1
[Fri Jul 09 15:44:28.600543 2021] [unixd:alert] [pid 12] (1)Operation not permitted: AH02156: setgid: unable to set group id to Group 1