From b21aa6bac46775b3f09def90632ef76bf3db9bab Mon Sep 17 00:00:00 2001
From: Diego Tavares <dtavares@imageworks.com>
Date: Fri, 16 Aug 2024 14:27:51 -0700
Subject: [PATCH] [rqd] Set uid and gid when creating user for a job (#1480)

When a user has to be created with `useradd`, the user should have the
same `uid` and `gid` of the user who created the job. This ensures
directories and files created during the job execution have the same
permissions.

Not explicitly setting uid and gid causes problems for dockerized rqds
trying to write to shared storage volumes mounted in bind mode.

- This PR also contains a minor change to allow overriding the value of
`SP_OS` (Constant used to identify a host distro) using the config file.
---
 rqd/rqd/rqconstants.py |  2 ++
 rqd/rqd/rqcore.py      |  2 +-
 rqd/rqd/rqutil.py      | 14 ++++++++++----
 3 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/rqd/rqd/rqconstants.py b/rqd/rqd/rqconstants.py
index 87585844e..105685270 100644
--- a/rqd/rqd/rqconstants.py
+++ b/rqd/rqd/rqconstants.py
@@ -223,6 +223,8 @@
             MINIMUM_IDLE = config.getint(__override_section, "MINIMUM_IDLE")
         if config.has_option(__override_section, "SENTRY_DSN_PATH"):
             SENTRY_DSN_PATH = config.getint(__override_section, "SENTRY_DSN_PATH")
+        if config.has_option(__override_section, "SP_OS"):
+            SP_OS = config.get(__override_section, "SP_OS")
 
         if config.has_section(__host_env_var_section):
             RQD_HOST_ENV_VARS = config.options(__host_env_var_section)
diff --git a/rqd/rqd/rqcore.py b/rqd/rqd/rqcore.py
index 8210cfcc3..51e0b90f0 100644
--- a/rqd/rqd/rqcore.py
+++ b/rqd/rqd/rqcore.py
@@ -297,7 +297,7 @@ def runLinux(self):
         self.__writeHeader()
         if rqd.rqconstants.RQD_CREATE_USER_IF_NOT_EXISTS:
             rqd.rqutil.permissionsHigh()
-            rqd.rqutil.checkAndCreateUser(runFrame.user_name)
+            rqd.rqutil.checkAndCreateUser(runFrame.user_name, runFrame.uid, runFrame.gid)
             rqd.rqutil.permissionsLow()
 
         tempStatFile = "%srqd-stat-%s-%s" % (self.rqCore.machine.getTempPath(),
diff --git a/rqd/rqd/rqutil.py b/rqd/rqd/rqutil.py
index e9e95fe2a..df7c0bf30 100644
--- a/rqd/rqd/rqutil.py
+++ b/rqd/rqd/rqutil.py
@@ -132,7 +132,7 @@ def __becomeRoot():
             pass
 
 
-def checkAndCreateUser(username):
+def checkAndCreateUser(username, uid=None, gid=None):
     """Check to see if the provided user exists, if not attempt to create it."""
     # TODO(gregdenton): Add Windows and Mac support here. (Issue #61)
     if not rqd.rqconstants.RQD_BECOME_JOB_USER:
@@ -141,11 +141,17 @@ def checkAndCreateUser(username):
         pwd.getpwnam(username)
         return
     except KeyError:
-        subprocess.check_call([
+        cmd = [
             'useradd',
             '-p', str(uuid.uuid4()),  # generate a random password
-            username
-        ])
+        ]
+        if uid:
+            cmd += ['-u', str(uid)]
+        if gid:
+            cmd += ['-g', str(gid)]
+        cmd.append(username)
+        log.info("Frame's username not found on host. Adding user with: %s", cmd)
+        subprocess.check_call(cmd)
 
 
 def getHostIp():