exec: Set LOGNAME env var on exec based drivers. (#26703)

Typically the `LOGNAME` environment variable should be set according
to the values within `/etc/passwd` and represents the name of the
logged in user. This should be set, where possible, alongside the
USER and HOME variables for all drivers that use the shared
executor and do not use a sub-shell.

.changelog/26703.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+exec: Correctly set the `LOGNAME` env var when the job specification user value is set
+```

drivers/shared/executor/executor_linux.go

@@ -237,6 +237,7 @@ func (l *LibcontainerExecutor) Launch(command *ExecCommand) (*ProcessState, erro
 			return nil, err
 		}
 		process.Env = append(process.Env, fmt.Sprintf("USER=%s", u.Username))
+		process.Env = append(process.Env, fmt.Sprintf("LOGNAME=%s", u.Username))
 		process.Env = append(process.Env, fmt.Sprintf("HOME=%s", u.HomeDir))
 	}
 

drivers/shared/executor/executor_linux_test.go

@@ -865,6 +865,37 @@ func TestExecutor_UserEnv(t *testing.T) {
 	must.Eq(t, output, "runner")
 }
 
+func TestExecutor_LogNameEnv(t *testing.T) {
+	t.Parallel()
+	testutil.RequireCILinux(t)
+	testutil.ExecCompatible(t)
+
+	testExecCmd := testExecutorCommandWithChroot(t)
+	execCmd, allocDir := testExecCmd.command, testExecCmd.allocDir
+	execCmd.Cmd = "/bin/bash"
+	execCmd.Args = []string{"-c", "echo $LOGNAME"}
+	execCmd.User = "runner"
+	execCmd.ResourceLimits = true
+	defer allocDir.Destroy()
+
+	executor := NewExecutorWithIsolation(testlog.HCLogger(t), compute)
+	defer executor.Shutdown("SIGKILL", 0)
+
+	ps, err := executor.Launch(execCmd)
+	must.NoError(t, err)
+	must.NonZero(t, ps.Pid)
+
+	state, err := executor.Wait(context.Background())
+	must.NoError(t, err)
+	must.Zero(t, state.ExitCode)
+
+	_, ok := executor.(*LibcontainerExecutor)
+	must.True(t, ok)
+
+	output := strings.TrimSpace(testExecCmd.stdout.String())
+	must.Eq(t, output, "runner")
+}
+
 func TestExecCommand_getCgroupOr_off(t *testing.T) {
 	ci.Parallel(t)
 

drivers/shared/executor/executor_unix.go

@@ -101,8 +101,9 @@ func setCmdUser(cmd *exec.Cmd, userid string) error {
 	cmd.SysProcAttr.Credential.Gid = uint32(gid)
 	cmd.SysProcAttr.Credential.Groups = gids
 
-	// Override HOME and USER environment variables
+	// Override USER, LOGNAME, and HOME environment variables.
 	cmd.Env = append(cmd.Env, fmt.Sprintf("USER=%s", u.Username))
+	cmd.Env = append(cmd.Env, fmt.Sprintf("LOGNAME=%s", u.Username))
 	cmd.Env = append(cmd.Env, fmt.Sprintf("HOME=%s", u.HomeDir))
 
 	return nil

website/content/docs/job-specification/task.mdx

@@ -110,8 +110,8 @@ job "docs" {
   [Docker][] images specify their own default users. Clients can restrict
   [which drivers][user_drivers] are allowed to run tasks as [certain
   users][user_denylist]. On UNIX-like systems, setting `user` also affects
-  the environment variables `HOME` and `USER` available to the task.  On
-  Windows, when Nomad is running as a [system service][service] for the
+  the environment variables `HOME`, `USER`, and `LOGNAME` available to the task.
+  On Windows, when Nomad is running as a [system service][service] for the
   [`raw_exec`][raw_exec] driver, you may specify a less-privileged service user.
   For example, `NT AUTHORITY\LocalService`, `NT AUTHORITY\NetworkService`.
 

website/content/docs/reference/runtime-environment-settings.mdx

@@ -112,9 +112,9 @@ behavior.
 
 Nomad passes the environment variables defined in the client host to tasks
 when using the `exec`, `raw_exec`, and `java` task drivers. Nomad also modifies
-`HOME` and `USER` variables for tasks that have the `user` parameter set, to
-reflect the set username. The variables that are passed to the tasks can be
-controlled using the client configuration [`env.denylist`][].
+`HOME`, `USER`, and `LOGNAME` variables for tasks that have the `user` parameter
+set, to reflect the set username. The variables that are passed to the tasks can
+be controlled using the client configuration [`env.denylist`][].
 
 [jobspec]: /nomad/docs/job-specification 'Nomad Job Specification'
 [filesystem internals]: /nomad/docs/concepts/filesystem