From 6eed2811b2b50e560a9ad526ed6dbd8dc2a49401 Mon Sep 17 00:00:00 2001
From: Brad Fitzpatrick <bradfitz@tailscale.com>
Date: Wed, 2 Feb 2022 13:37:03 -0800
Subject: [PATCH] wgengine/netstack: start supporting different SSH users

Updates #3802

Change-Id: I44de6897e36b1362cd74c9b10c9cbfeb9abc3dbc
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
---
 wgengine/netstack/ssh.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/wgengine/netstack/ssh.go b/wgengine/netstack/ssh.go
index bd70bfc8b..1675c7f9d 100644
--- a/wgengine/netstack/ssh.go
+++ b/wgengine/netstack/ssh.go
@@ -107,7 +107,13 @@ func (ns *Impl) handleSSH(s ssh.Session) {
 		return
 	}
 
-	cmd := exec.Command("/bin/bash")
+	var cmd *exec.Cmd
+	sshUser := s.User()
+	if os.Getuid() != 0 || sshUser == "root" {
+		cmd = exec.Command("/bin/bash")
+	} else {
+		cmd = exec.Command("/usr/bin/env", "su", "-", sshUser)
+	}
 	cmd.Env = append(cmd.Env, fmt.Sprintf("TERM=%s", ptyReq.Term))
 	f, err := pty.Start(cmd)
 	if err != nil {