From fa8710171bbf2175bce1367bf2a44f8fde7832db Mon Sep 17 00:00:00 2001
From: Tom Clegg <tom@curii.com>
Date: Fri, 18 Mar 2022 00:56:41 -0400
Subject: [PATCH] 18732: Log crunch-run process uid, gid, and groups.

Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@curii.com>
---
 lib/crunchrun/crunchrun.go      | 29 +++++++++++++++++++++++++++++
 lib/crunchrun/crunchrun_test.go |  1 +
 2 files changed, 30 insertions(+)

diff --git a/lib/crunchrun/crunchrun.go b/lib/crunchrun/crunchrun.go
index 4fa3f26ab5..65f43e9644 100644
--- a/lib/crunchrun/crunchrun.go
+++ b/lib/crunchrun/crunchrun.go
@@ -19,6 +19,7 @@ import (
 	"os"
 	"os/exec"
 	"os/signal"
+	"os/user"
 	"path"
 	"path/filepath"
 	"regexp"
@@ -1475,6 +1476,7 @@ func (runner *ContainerRunner) NewArvLogWriter(name string) (io.WriteCloser, err
 // Run the full container lifecycle.
 func (runner *ContainerRunner) Run() (err error) {
 	runner.CrunchLog.Printf("crunch-run %s started", cmd.Version.String())
+	runner.CrunchLog.Printf("%s", currentUserAndGroups())
 	runner.CrunchLog.Printf("Executing container '%s' using %s runtime", runner.Container.UUID, runner.executor.Runtime())
 
 	hostname, hosterr := os.Hostname()
@@ -2045,3 +2047,30 @@ func startLocalKeepstore(configData ConfigData, logbuf io.Writer) (*exec.Cmd, er
 	os.Setenv("ARVADOS_KEEP_SERVICES", url)
 	return cmd, nil
 }
+
+// return current uid, gid, groups in a format suitable for logging:
+// "crunch-run process has uid=1234(arvados) gid=1234(arvados)
+// groups=1234(arvados),114(fuse)"
+func currentUserAndGroups() string {
+	u, err := user.Current()
+	if err != nil {
+		return fmt.Sprintf("error getting current user ID: %s", err)
+	}
+	s := fmt.Sprintf("crunch-run process has uid=%s(%s) gid=%s", u.Uid, u.Username, u.Gid)
+	if g, err := user.LookupGroupId(u.Gid); err == nil {
+		s += fmt.Sprintf("(%s)", g.Name)
+	}
+	s += " groups="
+	if gids, err := u.GroupIds(); err == nil {
+		for i, gid := range gids {
+			if i > 0 {
+				s += ","
+			}
+			s += gid
+			if g, err := user.LookupGroupId(gid); err == nil {
+				s += fmt.Sprintf("(%s)", g.Name)
+			}
+		}
+	}
+	return s
+}
diff --git a/lib/crunchrun/crunchrun_test.go b/lib/crunchrun/crunchrun_test.go
index 26f78d2bf7..62df0032b4 100644
--- a/lib/crunchrun/crunchrun_test.go
+++ b/lib/crunchrun/crunchrun_test.go
@@ -885,6 +885,7 @@ func (s *TestSuite) TestLogVersionAndRuntime(c *C) {
 
 	c.Assert(s.api.Logs["crunch-run"], NotNil)
 	c.Check(s.api.Logs["crunch-run"].String(), Matches, `(?ms).*crunch-run \S+ \(go\S+\) start.*`)
+	c.Check(s.api.Logs["crunch-run"].String(), Matches, `(?ms).*crunch-run process has uid=\d+\(.+\) gid=\d+\(.+\) groups=\d+\(.+\)(,\d+\(.+\))*\n.*`)
 	c.Check(s.api.Logs["crunch-run"].String(), Matches, `(?ms).*Executing container 'zzzzz-zzzzz-zzzzzzzzzzzzzzz' using stub runtime.*`)
 }
 
-- 
2.30.2