Bug 327507

I added FEATURES="usersync" to make.conf and changed owner of $PORTDIR to portage, but emerge --sync still invokes rsync with root user the first time.

Reproducible: Always

Steps to Reproduce:
1. add FEATURES=usersync to make.conf
2. chown portage $PORTDIR
3. iptables -A OUTPUT -p tcp --dport rsync -m owner --uid-owner portage -j ACCEPT
4. emerge --sync

Actual Results:  
Emerge hangs. Doing a netstat shows the connection waiting on status SYN_SENT; doing a ps aux shows that rsync is invoked by root user instead of portage (and thus blocked by firewall). Sync can not complete.

Expected Results:  
rsync should be invoked as portage, and thus emerge --sync should complete fine.

If I remove the user constraint from firewall, emerge --sync completes fine. During sync, a ps aux shows that rsync is correctly invoked as portage user. It seems that only for initial invocation of rsync (the one for timestamp) root is used.
I could test only on a Sparc system, but I think it does not depend on the platform.

ps aux while hanging:
... 
root      9778  1.0  0.2   4144  1176 pts/1    S+   20:56   0:00 rsync --recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --verbose rsync://91.186.30.235/gentoo-portage/metadata/timestamp.chk /tmp/tmp39GzjS 
...

ps aux while syncing when user constraint removed from firewall:
... 
portage   9913 28.7  0.4   8136  2312 pts/1    D+   20:57   0:01 rsync --recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --verbose rsync://134.68.240.40/gentoo-portage/ /usr/portage 
portage   9916  7.6  0.8  49064  4136 pts/1    S+   20:57   0:00 rsync --recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --verbose rsync://134.68.240.40/gentoo-portage/ /usr/portage 
...

emerge --info:
Portage 2.1.8.3 (default/linux/sparc/10.0/server, gcc-4.3.4, glibc-2.10.1-r1, 2.6.32-gentoo-r7 sparc64)
=================================================================
System uname: Linux-2.6.32-gentoo-r7-sparc64-sun4u-with-gentoo-1.12.13
Timestamp of tree: Wed, 07 Jul 2010 18:30:01 +0000
distcc 3.1 sparc-unknown-linux-gnu [disabled]
app-shells/bash:     4.0_p37
dev-lang/python:     2.6.4-r1
sys-apps/baselayout: 1.12.13
sys-apps/sandbox:    1.6-r2
sys-devel/autoconf:  2.65
sys-devel/automake:  1.11.1
sys-devel/binutils:  2.18-r3
sys-devel/gcc:       4.3.4
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.6b
virtual/os-headers:  2.6.30-r1
ACCEPT_KEYWORDS="sparc"
ACCEPT_LICENSE="* -@EULA"
CBUILD="sparc-unknown-linux-gnu"
CFLAGS="-O2 -mcpu=ultrasparc -mtune=ultrasparc -mvis -pipe -Wa,-Av8plusa"
CHOST="sparc-unknown-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/udev/rules.d"
CXXFLAGS="-O2 -mcpu=ultrasparc -pipe"
DISTDIR="/home/gentoo/distfiles"
EMERGE_DEFAULT_OPTS="--ask-enter-invalid --quiet-build"
FEATURES="assume-digests buildpkg candy distlocks fixpackages metadata-transfer news parallel-fetch protect-owned sandbox sfperms strict unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync"
GENTOO_MIRRORS=" http://mirror.switch.ch/mirror/gentoo/"
LANG="en_US"
LDFLAGS="-Wl,-O2"
LINGUAS="en"
MAKEOPTS="-j2"
PKGDIR="/home/gentoo/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_EXTRA_OPTS="--exclude-from=/home/gentoo/exclude.txt"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/home/gentoo/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/home/gentoo/overlay"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="acl apache2 berkdb bzip2 cli cracklib crypt cxx dri gcc64 gdbm gpm iconv ipv6 modules mudflap mysql ncurses nls nptl nptlonly pam pcre perl pppd python readline reflection session snmp sparc spl ssl sysfs tcpd threads truetype unicode xml xorg zlib" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="fbdev glint mach64 mga r128 radeon sunbw2 suncg14 suncg3 	suncg6 sunffb sunleo tdfx voodoo" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" 
Unset:  CPPFLAGS, CTARGET, FFLAGS, INSTALL_MASK, LC_ALL, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS