From 7a4906489c182d4c882e8a099f9ad9d9a98f053b Mon Sep 17 00:00:00 2001
From: Alexander Bantyev
Date: Wed, 7 Feb 2024 13:50:53 +0400
Subject: [PATCH] Assign the build directory to the effective user, if present
---
 src/libstore/build/local-derivation-goal.cc | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/src/libstore/build/local-derivation-goal.cc b/src/libstore/build/local-derivation-goal.cc
index d2e49a6b96a..484ae29947b 100644
--- a/src/libstore/build/local-derivation-goal.cc
+++ b/src/libstore/build/local-derivation-goal.cc
@@ -3017,7 +3017,17 @@ void LocalDerivationGoal::deleteTmpDir(bool force)
 might have privileged stuff (like a copy of netrc). */
 if (settings.keepFailed && !force && !drv->isBuiltin()) {
 printError("note: keeping build directory '%s'", tmpDir);
- chmod(tmpDir.c_str(), 0755);
+ bool chowned = false;
+ struct stat info;
+ stat(tmpDir.c_str(), &info);
+ if (experimentalFeatureSettings.isEnabled(Xp::ACLs))
+ if (auto store = dynamic_cast(&worker.store))
+ if (store->effectiveUser) {
+ chown(tmpDir.c_str(), store->effectiveUser->uid, info.st_gid);
+ chowned = true;
+ }
+ if (!chowned)
+ chmod(tmpDir.c_str(), 0755);
 }
 else
 deletePath(tmpDir);
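Review bot: The added `stat(tmpDir.c_str(), &info);` ignores its return value, so when it fails `info.st_gid` is read uninitialized and passed to `chown()` as the new group of a directory that, per the comment above, may hold privileged material such as a netrc copy. POSIX leaves the group unchanged when it is given as -1, so the `stat` call and `info` can go: `chown(tmpDir.c_str(), store->effectiveUser->uid, (gid_t) -1)`. `chowned = true;` is also set without checking `chown`'s result, so a failed chown silently leaves the kept directory inaccessible to the user. Either take the flag from the call (`chowned = chown(...) == 0;`) or log the failure, depending on whether falling back to the world-readable `0755` is acceptable when ACLs are enabled. The body of `deleteTmpDir` starts and ends outside this hunk, so how `tmpDir` is handled before this point is not visible here.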