Skip to content

Commit

Permalink
Merge pull request #2461 from hashicorp/b-groups
Browse files Browse the repository at this point in the history
Various fixes for setting user/group of task
  • Loading branch information
dadgar authored Mar 28, 2017
2 parents 3750f97 + 67c07c9 commit d698288
Show file tree
Hide file tree
Showing 2 changed files with 24 additions and 0 deletions.
5 changes: 5 additions & 0 deletions client/client.go
Original file line number Diff line number Diff line change
Expand Up @@ -359,6 +359,11 @@ func (c *Client) init() error {
return fmt.Errorf("failed to find temporary directory for the AllocDir: %v", err)
}

// Change the permissions to have the execute bit
if err := os.Chmod(p, 0755); err != nil {
return fmt.Errorf("failed to change directory permissions for the AllocDir: %v", err)
}

c.config.AllocDir = p
}

Expand Down
19 changes: 19 additions & 0 deletions client/driver/executor/executor_linux.go
Original file line number Diff line number Diff line change
Expand Up @@ -173,6 +173,22 @@ func (e *UniversalExecutor) runAs(userid string) error {
return fmt.Errorf("Failed to identify user %v: %v", userid, err)
}

// Get the groups the user is a part of
gidStrings, err := u.GroupIds()
if err != nil {
return fmt.Errorf("Unable to lookup user's group membership: %v", err)
}

gids := make([]uint32, len(gidStrings))
for _, gidString := range gidStrings {
u, err := strconv.Atoi(gidString)
if err != nil {
return fmt.Errorf("Unable to convert user's group to int %s: %v", gidString, err)
}

gids = append(gids, uint32(u))
}

// Convert the uid and gid
uid, err := strconv.ParseUint(u.Uid, 10, 32)
if err != nil {
Expand All @@ -192,6 +208,9 @@ func (e *UniversalExecutor) runAs(userid string) error {
}
e.cmd.SysProcAttr.Credential.Uid = uint32(uid)
e.cmd.SysProcAttr.Credential.Gid = uint32(gid)
e.cmd.SysProcAttr.Credential.Groups = gids

e.logger.Printf("[DEBUG] executor: running as user:group %d:%d with group membership in %v", uid, gid, gids)

return nil
}
Expand Down

0 comments on commit d698288

Please sign in to comment.