From b97a7f679f47f38c01d1be9c4040c1c73545a87a Mon Sep 17 00:00:00 2001
From: 3wc <3wc@doesthisthing.work>
Date: Wed, 22 Feb 2023 12:18:22 -0500
Subject: [PATCH] Stable UIDs for PAM/UNIX users for Keycloak login Ref https://github.com/WASHNote/washnote-apps/issues/67
---
 abra.sh | 2 +-
 pam_script_auth.sh | 8 +++++++-
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/abra.sh b/abra.sh
index fd963c6..101d3f7 100644
--- a/abra.sh
+++ b/abra.sh
@@ -1,4 +1,4 @@
 export CUSTOM_ENTRYPOINT_VERSION=v7
 export OIDC_CONF_VERSION=v1
 export PAM_EXEC_OAUTH2_YAML_VERSION=v1
-export PAM_SCRIPT_AUTH_VERSION=v3
+export PAM_SCRIPT_AUTH_VERSION=v4
diff --git a/pam_script_auth.sh b/pam_script_auth.sh
index 113a6e0..35c8ca0 100755
--- a/pam_script_auth.sh
+++ b/pam_script_auth.sh
@@ -6,7 +6,13 @@ if [ -z "$PAM_USER" ]; then
 fi
 if ! id "$PAM_USER" &>/dev/null; then
- adduser "$PAM_USER" --disabled-password --quiet --gecos ""
+ # NOTE(3wc): This generates a stable UID for the user based on the username;
+ # without it, UID→username mapping changes on every container restart, which
+ # creates file ownership issues and prevents RStudio from working.
+ # See https://github.com/WASHNote/washnote-apps/issues/67
+ uid=$(echo "$PAM_USER" | md5sum | grep -Eo "[[:digit:]]{3}" | head -n1)
+ uid=$((1000+uid))
+ adduser --uid="$uid" "$PAM_USER" --disabled-password --quiet --gecos ""
 fi
 exit 0
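Review bot: The derived UID in the `pam_script_auth.sh` hunk has only 1000 possible values (the first three-digit run of the MD5 hex, offset by 1000), so two different usernames can map to the same UID, and the value may also coincide with an account already present in the image; in that case `adduser --uid` is expected to fail, yet the script still reaches the `exit 0` in the trailing context unless an errexit setting outside the hunk stops it. In bash arithmetic a digit group with a leading zero is read as octal, so `012` becomes 10 and `089` is an error; forcing base 10 with `uid=$((1000 + 10#$uid))` avoids that, and an empty match (no three-digit run in the hash) should be rejected before the arithmetic. I would also check the result, e.g. `adduser --uid="$uid" "$PAM_USER" --disabled-password --quiet --gecos "" || exit 1`, so a login is not reported as successful without a matching account, and widen the range if shared file ownership between colliding users matters. The script's opening lines are outside the hunk, so the shell (bash, inferred from the `&>` redirection) and its options are assumptions to confirm.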