feat: Pass group id (GID) in --user flag when calling docker run

Author: manu-chroma

cwltool/docker_uid.py

@@ -5,20 +5,20 @@
 from typing import List, Text
 
 
-def docker_vm_uid():  # type: () -> int
+def docker_vm_id():  # type: () -> int, int
     """
-    Returns the UID of the default docker user inside the VM
+    Returns the User ID and Group ID of the default docker user inside the VM
 
     When a host is using boot2docker or docker-machine to run docker with
     boot2docker.iso (As on Mac OS X), the UID that mounts the shared filesystem
     inside the VirtualBox VM is likely different than the user's UID on the host.
-    :return: The numeric UID (as a string) of the docker account inside
+    :return: A tuple containing numeric User ID and Group ID (as a string) of the docker account inside
     the boot2docker VM
     """
     if boot2docker_running():
-        return boot2docker_uid()
+        return boot2docker_id()
     elif docker_machine_running():
-        return docker_machine_uid()
+        return docker_machine_id()
     else:
         return None
 
@@ -97,21 +97,24 @@ def cmd_output_to_int(cmd):  # type: (List[Text]) -> int
 
 def boot2docker_uid():  # type: () -> int
     """
-    Gets the UID of the docker user inside a running boot2docker vm
-    :return: the UID, or None if error (e.g. boot2docker not present or stopped)
+    Gets the UID and GID of the docker user inside a running boot2docker vm
+    :return: tuple (UID, GID), or (None, None) if error (e.g. boot2docker not present or stopped)
     """
-    return cmd_output_to_int(['boot2docker', 'ssh', 'id', '-u'])
-
+    uid = cmd_output_to_int(['boot2docker', 'ssh', 'id', '-u'])
+    gid = cmd_output_to_int(['boot2docker', 'ssh', 'id', '-g'])
+    return (uid, gid)
 
 def docker_machine_uid():  # type: () -> int
     """
     Asks docker-machine for active machine and gets the UID of the docker user
     inside the vm
-    :return: the UID, or None if error (e.g. docker-machine not present or stopped)
+    :return: tuple (UID, GID), or (None, None) if error (e.g. docker-machine not present or stopped)
     """
     machine_name = docker_machine_name()
-    return cmd_output_to_int(['docker-machine', 'ssh', machine_name, "id -u"])
+    uid = cmd_output_to_int(['docker-machine', 'ssh', machine_name, "id -u"])
+    gid = cmd_output_to_int(['docker-machine', 'ssh', machine_name, "id -g"])
+    return (uid, gid)
 
 
 if __name__ == '__main__':
-    print(docker_vm_uid())
+    print(docker_vm_id())

cwltool/job.py

@@ -19,7 +19,7 @@
 from .utils import copytree_with_merge, docker_windows_path_adjust, onWindows
 from . import docker
 from .builder import Builder
-from .docker_uid import docker_vm_uid
+from .docker_uid import docker_vm_id
 from .errors import WorkflowException
 from .pathmapper import PathMapper
 from .process import (UnsupportedRequirement, empty_subtree, get_feature,
@@ -392,12 +392,12 @@ def run(self, pull_image=True, rm_container=True,
             runtime.append("--log-driver=none")
 
         if onWindows():  # windows os dont have getuid or geteuid functions
-            euid = docker_vm_uid()
+            euid, egid = docker_vm_id()
         else:
-            euid = docker_vm_uid() or os.geteuid()
+            euid, egid = docker_vm_id() or (os.geteuid(), os.getegid())
 
         if kwargs.get("no_match_user", None) is False and euid is not None:
-            runtime.append(u"--user=%s" % (euid))
+            runtime.append(u"--user=%d:%d" % (euid, egid))
 
         if rm_container:
             runtime.append(u"--rm")