1 files changed, 40 insertions, 5 deletions
diff --git a/ansible_collections/community/general/plugins/connection/chroot.py b/ansible_collections/community/general/plugins/connection/chroot.py
index ef6d5566d..810316aaa 100644
--- a/ansible_collections/community/general/plugins/connection/chroot.py
+++ b/ansible_collections/community/general/plugins/connection/chroot.py
@@ -46,8 +46,42 @@ DOCUMENTATION = '''
         vars:
           - name: ansible_chroot_exe
         default: chroot
+      disable_root_check:
+        description:
+            - Do not check that the user is not root.
+        ini:
+          - section: chroot_connection
+            key: disable_root_check
+        env:
+          - name: ANSIBLE_CHROOT_DISABLE_ROOT_CHECK
+        vars:
+          - name: ansible_chroot_disable_root_check
+        default: false
+        type: bool
+        version_added: 7.3.0
 '''
 
+EXAMPLES = r"""
+# Plugin requires root privileges for chroot, -E preserves your env (and location of ~/.ansible):
+# sudo -E ansible-playbook ...
+#
+# Static inventory file
+# [chroots]
+# /path/to/debootstrap
+# /path/to/feboostrap
+# /path/to/lxc-image
+# /path/to/chroot
+
+# playbook
+---
+- hosts: chroots
+  connection: community.general.chroot
+  tasks:
+    - debug:
+        msg: "This is coming from chroot environment"
+
+"""
+
 import os
 import os.path
 import subprocess
@@ -81,11 +115,7 @@ class Connection(ConnectionBase):
 
         self.chroot = self._play_context.remote_addr
 
-        if os.geteuid() != 0:
-            raise AnsibleError("chroot connection requires running as root")
-
-        # we're running as root on the local system so do some
-        # trivial checks for ensuring 'host' is actually a chroot'able dir
+        # do some trivial checks for ensuring 'host' is actually a chroot'able dir
         if not os.path.isdir(self.chroot):
             raise AnsibleError("%s is not a directory" % self.chroot)
 
@@ -99,6 +129,11 @@ class Connection(ConnectionBase):
 
     def _connect(self):
         """ connect to the chroot """
+        if not self.get_option('disable_root_check') and os.geteuid() != 0:
+            raise AnsibleError(
+                "chroot connection requires running as root. "
+                "You can override this check with the `disable_root_check` option.")
+
         if os.path.isabs(self.get_option('chroot_exe')):
             self.chroot_cmd = self.get_option('chroot_exe')
         else: