Don't assume that the user's GID is the same as the UID

When taking ownership of the runtime directory or the initialization
stamp file inside it, it was assumed that the user's GID and UID were
the same. However that might not always be the case.

Note that this commit doesn't use the GID passed from the host to the
toolbox container's entry point to configure the user inside the
container. That is actually more difficult than it sounds. The manual
for useradd(8) says that the group specified by the '--gid' flag must
actually exist.

https://github.com/containers/toolbox/issues/664

doc/toolbox-init-container.1.md

@@ -4,7 +4,8 @@
 toolbox\-init\-container - Initialize a running container
 
 ## SYNOPSIS
-**toolbox init-container** *--home HOME*
+**toolbox init-container** *--gid GID*
+                       *--home HOME*
                        *--home-link*
                        *--media-link*
                        *--mnt-link*
@@ -49,6 +50,11 @@ confusion.
 
 The following options are understood:
 
+**--gid** GID
+
+Pass GID as the user's numerical group ID from the host to the toolbox
+container.
+
 **--home** HOME
 
 Create a user inside the toolbox container whose login directory is HOME.

src/cmd/create.go

@@ -379,6 +379,7 @@ func createContainer(container, image, release string, showCommandToEnter bool)
 	entryPoint := []string{
 		"toolbox", "--verbose",
 		"init-container",
+		"--gid", currentUser.Gid,
 		"--home", currentUser.HomeDir,
 	}
 

src/cmd/initContainer.go

@@ -36,6 +36,7 @@ import (
 
 var (
 	initContainerFlags struct {
+		gid         int
 		home        string
 		homeLink    bool
 		mediaLink   bool
@@ -75,6 +76,11 @@ var initContainerCmd = &cobra.Command{
 func init() {
 	flags := initContainerCmd.Flags()
 
+	flags.IntVar(&initContainerFlags.gid,
+		"gid",
+		0,
+		"Create a user inside the toolbox container whose numerical group ID is GID")
+
 	flags.StringVar(&initContainerFlags.home,
 		"home",
 		"",
@@ -130,6 +136,10 @@ func initContainer(cmd *cobra.Command, args []string) error {
 		return errors.New(errMsg)
 	}
 
+	if !cmd.Flag("gid").Changed {
+		initContainerFlags.gid = initContainerFlags.uid
+	}
+
 	utils.EnsureXdgRuntimeDirIsSet(initContainerFlags.uid)
 
 	logrus.Debug("Creating /run/.toolboxenv")
@@ -303,7 +313,7 @@ func initContainer(cmd *cobra.Command, args []string) error {
 
 	defer initializedStampFile.Close()
 
-	if err := initializedStampFile.Chown(initContainerFlags.uid, initContainerFlags.uid); err != nil {
+	if err := initializedStampFile.Chown(initContainerFlags.uid, initContainerFlags.gid); err != nil {
 		return errors.New("failed to change ownership of initialization stamp")
 	}
 

src/pkg/utils/utils.go

@@ -453,6 +453,11 @@ func GetMountOptions(target string) (string, error) {
 }
 
 func GetRuntimeDirectory(targetUser *user.User) (string, error) {
+	gid, err := strconv.Atoi(targetUser.Gid)
+	if err != nil {
+		return "", fmt.Errorf("failed to convert group ID to integer: %w", err)
+	}
+
 	uid, err := strconv.Atoi(targetUser.Uid)
 	if err != nil {
 		return "", fmt.Errorf("failed to convert user ID to integer: %w", err)
@@ -476,7 +481,7 @@ func GetRuntimeDirectory(targetUser *user.User) (string, error) {
 		return "", wrapped_err
 	}
 
-	if err := os.Chown(toolboxRuntimeDirectory, uid, uid); err != nil {
+	if err := os.Chown(toolboxRuntimeDirectory, uid, gid); err != nil {
 		wrapped_err := fmt.Errorf("failed to change ownership of the runtime directory %s: %w",
 			toolboxRuntimeDirectory,
 			err)