Accept numeric USER values with no group ID

Change our behavior when we're given USER with a numeric UID and no GID, so that we no longer error out if the UID doesn't correspond to a known user so that we can use that user's primary GID. Instead, use GID 0. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #313 Approved by: rhatdan
containers · Nov 10, 2017 · c83cd3f · c83cd3f
1 parent d41ac23
commit c83cd3f
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 1 deletion.
diff --git a/tests/run.bats b/tests/run.bats
@@ -114,6 +114,7 @@ load helpers
 	testuser=jimbo
 	testgroup=jimbogroup
 	testuid=$RANDOM
+	testotheruid=$RANDOM
 	testgid=$RANDOM
 	testgroupid=$RANDOM
 	echo "$testuser:x:$testuid:$testgid:Jimbo Jenkins:/home/$testuser:/bin/sh" >> $root/etc/passwd
@@ -154,6 +155,20 @@ load helpers
 	run buildah --debug=false run -- $cid id -g
 	[ "$output" = $testgroupid ]
 
+	buildah config $cid -u ${testotheruid}:${testgroup}
+	buildah run -- $cid id
+	run buildah --debug=false run -- $cid id -u
+	[ "$output" = $testotheruid ]
+	run buildah --debug=false run -- $cid id -g
+	[ "$output" = $testgroupid ]
+
+	buildah config $cid -u ${testotheruid}
+	buildah run -- $cid id
+	run buildah --debug=false run -- $cid id -u
+	[ "$output" = $testotheruid ]
+	run buildah --debug=false run -- $cid id -g
+	[ "$output" = 0 ]
+
 	buildah config $cid -u ${testuser}:${testgroupid}
 	buildah run -- $cid id
 	run buildah --debug=false run -- $cid id -u

diff --git a/user.go b/user.go
@@ -26,21 +26,32 @@ func getUser(rootdir, userspec string) (specs.User, error) {
 	uid64, uerr := strconv.ParseUint(userspec, 10, 32)
 	if uerr == nil && groupspec == "" {
 		// We parsed the user name as a number, and there's no group
-		// component, so we need to look up the user's primary GID.
+		// component, so try to look up the primary GID of the user who
+		// has this UID.
 		var name string
 		name, gid64, gerr = lookupGroupForUIDInContainer(rootdir, uid64)
 		if gerr == nil {
 			userspec = name
+		} else {
+			// Leave userspec alone, but swallow the error and just
+			// use GID 0.
+			gid64 = 0
+			gerr = nil
 		}
 	}
 	if uerr != nil {
+		// The user ID couldn't be parsed as a number, so try to look
+		// up the user's UID and primary GID.
 		uid64, gid64, uerr = lookupUserInContainer(rootdir, userspec)
 		gerr = uerr
 	}
 
 	if groupspec != "" {
+		// We have a group name or number, so parse it.
 		gid64, gerr = strconv.ParseUint(groupspec, 10, 32)
 		if gerr != nil {
+			// The group couldn't be parsed as a number, so look up
+			// the group's GID.
 			gid64, gerr = lookupGroupInContainer(rootdir, groupspec)
 		}
 	}