From 48f304d0cab3ef3ba3e4030e3dd9633fe13fec26 Mon Sep 17 00:00:00 2001 From: Tim Gross Date: Thu, 10 Apr 2025 10:34:34 -0400 Subject: [PATCH] java: only set nobody user on Unix (#25648) In #25496 we introduced the ability to have `task.user` set for on Windows, so long as the user ID fits a particular shape. But this uncovered a 7 year old bug in the `java` driver introduced in #5143, where we set the `task.user` to the non-existent Unix user `nobody`, even if we're running on Windows. Prior to the change in #25496 we always ignored the `task.user`, so this was not a problem. We don't set the `task.user` in the `raw_exec` driver, and the otherwise very similar `exec` driver is Linux-only, so we never see the problem there. Fix the bug in the `java` driver by gating the change to the `task.user` on not being Windows. Also add a check to the new code path that the user is non-empty before parsing it, so that any third party drivers that might be borrowing the executor code don't hit the same probem on Windows. Ref: https://github.com/hashicorp/nomad/pull/5143 Ref: https://github.com/hashicorp/nomad/pull/25496 Fixes: https://github.com/hashicorp/nomad/issues/25638 --- .changelog/25648.txt | 3 +++ drivers/java/driver.go | 2 +- drivers/shared/executor/executor_windows.go | 3 +++ 3 files changed, 7 insertions(+), 1 deletion(-) create mode 100644 .changelog/25648.txt diff --git a/.changelog/25648.txt b/.changelog/25648.txt new file mode 100644 index 000000000..a519757c7 --- /dev/null +++ b/.changelog/25648.txt @@ -0,0 +1,3 @@ +```release-note:bug +java: Fixed a bug where the default task user was set to 'nobody' on Windows +``` diff --git a/drivers/java/driver.go b/drivers/java/driver.go index 38b98822d..5ed2efa9a 100644 --- a/drivers/java/driver.go +++ b/drivers/java/driver.go @@ -468,7 +468,7 @@ func (d *Driver) StartTask(cfg *drivers.TaskConfig) (handle *drivers.TaskHandle, } user := cfg.User - if user == "" { + if user == "" && runtime.GOOS != "windows" { user = "nobody" } diff --git a/drivers/shared/executor/executor_windows.go b/drivers/shared/executor/executor_windows.go index 9523c0536..9446a11be 100644 --- a/drivers/shared/executor/executor_windows.go +++ b/drivers/shared/executor/executor_windows.go @@ -44,6 +44,9 @@ func withNetworkIsolation(f func() error, _ *drivers.NetworkIsolationSpec) error } func setCmdUser(cmd *exec.Cmd, user string) error { + if user == "" { + return nil + } nameParts := strings.Split(user, "\\") if len(nameParts) != 2 { return errors.New("user name must contain domain")