Do not require opcache.preload_user in cli SAPIs

ext/opcache/ZendAccelerator.c

@@ -4687,6 +4687,13 @@ static int accel_finish_startup_preload_subprocess(pid_t *pid)
 	if (!ZCG(accel_directives).preload_user
 	 || !*ZCG(accel_directives).preload_user) {
 
+		bool sapi_requires_preload_user = !(strcmp(sapi_module.name, "cli") == 0
+		  || strcmp(sapi_module.name, "phpdbg") == 0);
+
+		if (!sapi_requires_preload_user) {
+			*pid = -1;
+			return SUCCESS;
+		}
 
 		zend_shared_alloc_unlock();
 		zend_accel_error_noreturn(ACCEL_LOG_FATAL, "\"opcache.preload\" requires \"opcache.preload_user\" when running under uid 0");

ext/opcache/tests/preload_user.inc

@@ -0,0 +1,5 @@
+<?php
+
+var_dump(posix_getuid() === 0);
+
+require __DIR__ . '/preload.inc';

ext/opcache/tests/preload_user_001.phpt

@@ -0,0 +1,28 @@
+--TEST--
+preload_user has no effect when euid is not 0
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.optimization_level=-1
+opcache.preload={PWD}/preload.inc
+opcache.preload_user=php
+opcache.log_verbosity_level=2
+--EXTENSIONS--
+opcache
+posix
+--SKIPIF--
+<?php
+if (PHP_OS_FAMILY == 'Windows') die('skip Preloading is not supported on Windows');
+if (posix_geteuid() === 0) die('skip Test needs non-root user');
+?>
+--FILE--
+<?php
+var_dump(function_exists("f1"));
+var_dump(function_exists("f2"));
+?>
+OK
+--EXPECTF--
+%sWarning "opcache.preload_user" is ignored
+bool(true)
+bool(false)
+OK

ext/opcache/tests/preload_user_002.phpt

@@ -0,0 +1,28 @@
+--TEST--
+preload_user sets the process uid
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.optimization_level=-1
+opcache.preload={PWD}/preload_user.inc
+opcache.preload_user={ENV:TEST_NON_ROOT_USER}
+opcache.log_verbosity_level=2
+--EXTENSIONS--
+opcache
+posix
+--SKIPIF--
+<?php
+if (PHP_OS_FAMILY == 'Windows') die('skip Preloading is not supported on Windows');
+if (posix_geteuid() !== 0) die('skip Test needs root user');
+?>
+--FILE--
+<?php
+var_dump(function_exists("f1"));
+var_dump(function_exists("f2"));
+?>
+OK
+--EXPECTF--
+bool(false)
+bool(true)
+bool(false)
+OK

ext/opcache/tests/preload_user_003.phpt

@@ -0,0 +1,29 @@
+--TEST--
+preload_user has no effect when preload_user is the current user
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.optimization_level=-1
+opcache.preload={PWD}/preload_user.inc
+opcache.preload_user=root
+opcache.log_verbosity_level=2
+--EXTENSIONS--
+opcache
+posix
+--SKIPIF--
+<?php
+if (PHP_OS_FAMILY == 'Windows') die('skip Preloading is not supported on Windows');
+if (posix_geteuid() !== 0) die('skip Test needs root user');
+if (posix_getpwnam('root') === false) die('skip Root user does not exist');
+?>
+--FILE--
+<?php
+var_dump(function_exists("f1"));
+var_dump(function_exists("f2"));
+?>
+OK
+--EXPECTF--
+bool(true)
+bool(true)
+bool(false)
+OK

ext/opcache/tests/preload_user_004.phpt

@@ -0,0 +1,72 @@
+--TEST--
+preload_user is required when euid is 0 under non-cli SAPIs
+--INI--
+--EXTENSIONS--
+opcache
+posix
+--SKIPIF--
+<?php
+require dirname(__DIR__, 3) . '/sapi/fpm/tests/skipif.inc';
+if (PHP_OS_FAMILY == 'Windows') die('skip Preloading is not supported on Windows');
+if (posix_geteuid() !== 0) die('skip Test needs root user');
+?>
+--FILE--
+<?php
+
+require_once dirname(__DIR__, 3) . '/sapi/fpm/tests/tester.inc';
+
+$cfg = <<<EOT
+[global]
+error_log = {{FILE:LOG}}
+[unconfined]
+listen = {{ADDR}}
+pm = dynamic
+pm.max_children = 5
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+EOT;
+
+$code = <<<EOT
+<?php
+var_dump(function_exists("f1"));
+var_dump(function_exists("f2"));
+?>
+OK
+EOT;
+
+$args = [];
+if (file_exists(ini_get('extension_dir').'/opcache.so')) {
+    $args[] = '-dzend_extension='.ini_get('extension_dir').'/opcache.so';
+}
+if (file_exists(ini_get('extension_dir').'/posix.so')) {
+    $args[] = '-dextension='.ini_get('extension_dir').'/posix.so';
+}
+$args = [
+    ...$args,
+    '-dopcache.enable=1',
+    '-dopcache.optimization_level=-1',
+    '-dopcache.preload='.__DIR__.'/preload.inc',
+    '-dopcache.log_verbosity_level=2',
+];
+
+$tester = new FPM\Tester($cfg, $code);
+$tester->start($args);
+var_dump($tester->getLogLines(1));
+$tester->terminate();
+$tester->close();
+
+?>
+Done
+--EXPECTF--
+array(1) {
+  [0]=>
+  string(%d) "%sFatal Error "opcache.preload" requires "opcache.preload_user" when running under uid 0
+"
+}
+Done
+--CLEAN--
+<?php
+require_once dirname(__DIR__, 3) . '/sapi/fpm/tests/tester.inc';
+FPM\Tester::clean();
+?>

ext/opcache/tests/preload_user_005.phpt

@@ -0,0 +1,77 @@
+--TEST--
+preload_user=root is allowed under non-cli SAPIs
+--INI--
+--EXTENSIONS--
+opcache
+posix
+--SKIPIF--
+<?php
+require dirname(__DIR__, 3) . '/sapi/fpm/tests/skipif.inc';
+if (PHP_OS_FAMILY == 'Windows') die('skip Preloading is not supported on Windows');
+if (posix_geteuid() !== 0) die('skip Test needs root user');
+if (posix_getpwnam('root') === false) die('skip Root user does not exist');
+?>
+--FILE--
+<?php
+
+require_once dirname(__DIR__, 3) . '/sapi/fpm/tests/tester.inc';
+
+$cfg = <<<EOT
+[global]
+error_log = {{FILE:LOG}}
+[unconfined]
+listen = {{ADDR}}
+pm = dynamic
+pm.max_children = 5
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+EOT;
+
+$code = <<<EOT
+<?php
+var_dump(function_exists("f1"));
+var_dump(function_exists("f2"));
+?>
+OK
+EOT;
+
+$args = [];
+if (file_exists(ini_get('extension_dir').'/opcache.so')) {
+    $args[] = '-dzend_extension='.ini_get('extension_dir').'/opcache.so';
+}
+if (file_exists(ini_get('extension_dir').'/posix.so')) {
+    $args[] = '-dextension='.ini_get('extension_dir').'/posix.so';
+}
+$args = [
+    ...$args,
+    '-dopcache.enable=1',
+    '-dopcache.optimization_level=-1',
+    '-dopcache.preload='.__DIR__.'/preload.inc',
+    '-dopcache.preload_user=root',
+    '-dopcache.log_verbosity_level=2',
+    '-R',
+];
+
+$tester = new FPM\Tester($cfg, $code);
+$tester->start($args);
+$tester->expectLogStartNotices();
+$tester
+    ->request()
+    ->expectBody([
+        'bool(true)',
+        'bool(false)',
+        'OK',
+    ]);
+$tester->terminate();
+$tester->close();
+
+?>
+Done
+--EXPECT--
+Done
+--CLEAN--
+<?php
+require_once dirname(__DIR__, 3) . '/sapi/fpm/tests/tester.inc';
+FPM\Tester::clean();
+?>

run-tests.php

@@ -2059,9 +2059,6 @@ TEST $file
         // Make sure warnings still show up on the second run.
         $ini_settings['opcache.record_warnings'] = '1';
     }
-    if (extension_loaded('posix') && posix_getuid() === 0) {
-        $ini_settings['opcache.preload_user'] = 'root';
-    }
 
     // Any special ini settings
     // these may overwrite the test defaults...
@@ -2070,6 +2067,19 @@ TEST $file
         $ini = str_replace('{TMP}', sys_get_temp_dir(), $ini);
         $replacement = IS_WINDOWS ? '"' . PHP_BINARY . ' -r \"while ($in = fgets(STDIN)) echo $in;\" > $1"' : 'tee $1 >/dev/null';
         $ini = preg_replace('/{MAIL:(\S+)}/', $replacement, $ini);
+        $skip = false;
+        $ini = preg_replace_callback('/{ENV:(\S+)}/', function ($m) use (&$skip) {
+            $name = $m[1];
+            $value = getenv($name);
+            if ($value === false) {
+                $skip = sprintf('Environment variable %s is not set', $name);
+                return '';
+            }
+            return $value;
+        }, $ini);
+        if ($skip !== false) {
+            return skip_test($tested, $tested_file, $shortname, $skip);
+        }
         settings2array(preg_split("/[\n\r]+/", $ini), $ini_settings);
 
         if ($num_repeats > 1 && isset($ini_settings['opcache.opt_debug_level'])) {