Stable UIDs for PAM/UNIX users for Keycloak login

Ref https://github.com/WASHNote/washnote-apps/issues/67

abra.sh

@@ -1,4 +1,4 @@
 export CUSTOM_ENTRYPOINT_VERSION=v7
 export OIDC_CONF_VERSION=v1
 export PAM_EXEC_OAUTH2_YAML_VERSION=v1
-export PAM_SCRIPT_AUTH_VERSION=v3
+export PAM_SCRIPT_AUTH_VERSION=v4

pam_script_auth.sh

@@ -6,7 +6,13 @@ if [ -z "$PAM_USER" ]; then
 fi
 
 if ! id "$PAM_USER" &>/dev/null; then
-	adduser "$PAM_USER" --disabled-password --quiet --gecos ""
+	# NOTE(3wc): This generates a stable UID for the user based on the username;
+	# without it, UID→username mapping changes on every container restart, which
+	# creates file ownership issues and prevents RStudio from working.
+	# See https://github.com/WASHNote/washnote-apps/issues/67
+	uid=$(echo "$PAM_USER" | md5sum | grep -Eo "[[:digit:]]{3}"  | head -n1)
+	uid=$((1000+uid))
+	adduser --uid="$uid" "$PAM_USER" --disabled-password --quiet --gecos ""
 fi
 
 exit 0