Improve setuser: set auxilliary groups and more environment variables

Changelog.md

@@ -4,6 +4,7 @@
  * Much improved `my_init`:
    * It is now possible to run and watch a custom command, possibly in addition to running runit. See "Running a one-shot command in the container" in the README.
    * It is now possible to skip running startup files such as /etc/rc.local.
+ * `setuser` now also set auxilliary groups, as well as more environment variables such as `USER` and `UID`.
 
 ## 0.9.5 (release date: 2014-02-06)
 

image/setuser

@@ -1,12 +1,26 @@
-#!/bin/bash
-set -e
+#!/usr/bin/python2
+import sys, os, pwd
 
-user="$1"
-shift
+if len(sys.argv) < 3:
+	sys.stderr.write("Usage: /sbin/setuser USERNAME COMMAND [args..]\n")
+	sys.exit(1)
 
-if [[ "$user" == "root" ]]; then
-	export HOME=/root
-else
-	export HOME=/home/$user
-fi
-exec chpst -u "$user" "$@"
+def abort(message):
+	sys.stderr.write("setuser: %s\n" % message)
+	sys.exit(1)
+
+username = sys.argv[1]
+try:
+	user = pwd.getpwnam(username)
+except KeyError:
+	abort("user %s not found" % username)
+os.initgroups(username, user.pw_gid)
+os.setgid(user.pw_gid)
+os.setuid(user.pw_uid)
+os.environ['USER'] = username
+os.environ['HOME'] = user.pw_dir
+os.environ['UID']  = str(user.pw_uid)
+try:
+	os.execvp(sys.argv[2], sys.argv[2:])
+except OSError as e:
+	abort("cannot execute %s: %s" % (sys.argv[2], str(e)))