2 files changed, 8 insertions, 1 deletions

diff --git a/usr.sbin/nginx/src/os/unix/ngx_process_cycle.c b/usr.sbin/nginx/src/os/unix/ngx_process_cycle.c
index 8079be69646..1c385419c9e 100644
--- a/usr.sbin/nginx/src/os/unix/ngx_process_cycle.c
+++ b/usr.sbin/nginx/src/os/unix/ngx_process_cycle.c
@@ -48,6 +48,7 @@ sig_atomic_t  ngx_reopen;
 sig_atomic_t  ngx_change_binary;
 ngx_pid_t     ngx_new_binary;
 ngx_uint_t    ngx_inherited;
+ngx_uint_t    ngx_chrooted = 1;
 ngx_uint_t    ngx_daemonized;
 
 sig_atomic_t  ngx_noaccept;
@@ -888,6 +889,10 @@ ngx_worker_process_init(ngx_cycle_t *cycle, ngx_uint_t priority)
 #endif
 
     if (geteuid() == 0) {
+        if (!ngx_chrooted) {
+            goto nochroot;
+        }
+
 	if ((pw = getpwnam(ccf->username)) == NULL) {
             ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno,
                           "getpwnam(%s) failed", ccf->username);
@@ -922,7 +927,8 @@ ngx_worker_process_init(ngx_cycle_t *cycle, ngx_uint_t priority)
             /* fatal */
             exit(2);
 	}
-	
+
+nochroot:
         if (setgid(ccf->group) == -1) {
             ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno,
                           "setgid(%d) failed", ccf->group);
diff --git a/usr.sbin/nginx/src/os/unix/ngx_process_cycle.h b/usr.sbin/nginx/src/os/unix/ngx_process_cycle.h
index e6cef6b3f96..3bd292dfa0b 100644
--- a/usr.sbin/nginx/src/os/unix/ngx_process_cycle.h
+++ b/usr.sbin/nginx/src/os/unix/ngx_process_cycle.h
@@ -41,6 +41,7 @@ extern ngx_uint_t      ngx_process;
 extern ngx_pid_t       ngx_pid;
 extern ngx_pid_t       ngx_new_binary;
 extern ngx_uint_t      ngx_inherited;
+extern ngx_uint_t      ngx_chrooted;
 extern ngx_uint_t      ngx_daemonized;
 extern ngx_uint_t      ngx_threaded;
 extern ngx_uint_t      ngx_exiting;